The channel wire News
Two Apple Trojans Threaten Users
The ARDAgent allows the virus to execute code as root when it is run on a machine. The ARDAgent virus has the setuid bit. According to Intego, "Users running such an executable [allows the virus to] gain the privileges of the user who owns that executable." In this case, ARDAgent is owned by root, allowing the virus to run code without first entering a password.
ARDAgent can be invoked to execute shell commands through AppleScript.
The second Trojan Mac users need to be aware of comes in the form of a poker game download. The exploit is masquerading as a poker game application that users can download, according to Intego. Called 'Poker Game,' the Trojan requires users to download the application and then run it before it becomes active.
According to SecureMac, the Trojan horse "affects Mac OS X 10.4 and 10.5. AppleScript.THT Trojan Horse runs hidden on the system and allows a malicious user complete remote access to the system, can transmit system and user passwords, and can avoid detection by opening ports in the firewall and turning off system logging."
As an added nasty benefit, the Trojan is also able to log keystrokes, activate the Apple iSight Camera and turn on file sharing. The virus affects Mac OS x 10.4 and 10.5.