Condition Remains GREEN
Intego is reporting that their security researchers have discovered a new variant of the remote administration tool BlackHole RAT (MAAS February 26 2011, Squawk Box 3/15/2010) and has categorized it as OSX/BlackHoleRAT.B. OSX/BlackHoleRAT.B includes a script called Safari.app and isightcapture. The Safari.app file is so named to fool a user into allowing the application access to the network. The isightcapture script takes a photo using the iSight camera.
Users should do the following:
- Do not download and install illegal or pirated versions of software, especially those related to the Adobe suite of products. (Attack method Squawk Box Post 1/28/2009)
- Install a firewall from a security vendor, such as Intego's Virus Barrier 6.
- Always confirm the exact application asking for access to network services.
- Consider covering the iSight camera when in sensitive areas.
- For more restrictive environments, the iSight camera hardware shall be removed.
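As an added illustration of the advice to confirm the exact application (this is not code from Intego or from this post), the Python script below lists every item named Safari.app that is not the genuine installation, along with its bundle identifier when one can be read. It assumes the genuine Safari is installed at /Applications/Safari.app; the directory tree built in `demo()` is constructed sample data.

```python
import os
import plistlib
import tempfile

# Assumption (not stated in the advisory): the genuine browser is installed
# at /Applications/Safari.app.
GENUINE_PATH = "/Applications/Safari.app"

def bundle_id(path):
    """Return CFBundleIdentifier of an app bundle, or None if unreadable."""
    try:
        with open(os.path.join(path, "Contents", "Info.plist"), "rb") as fh:
            return plistlib.load(fh).get("CFBundleIdentifier")
    except Exception:  # not a bundle, or missing/malformed Info.plist
        return None

def find_lookalikes(root, genuine_path=GENUINE_PATH):
    """Return (path, bundle id) for each 'Safari.app' under root that is
    not the genuine installation. Plain files count as well as bundles."""
    genuine = os.path.realpath(genuine_path)
    hits = []
    for dirpath, dirnames, filenames in os.walk(root):
        for name in dirnames + filenames:
            full = os.path.join(dirpath, name)
            if name.lower() == "safari.app" and os.path.realpath(full) != genuine:
                hits.append((full, bundle_id(full)))
        # Do not descend into application bundles.
        dirnames[:] = [d for d in dirnames if not d.lower().endswith(".app")]
    return sorted(hits)

def demo():
    """Scan a constructed directory tree; all paths and ids are sample data."""
    with tempfile.TemporaryDirectory() as root:
        real = os.path.join(root, "Applications", "Safari.app")
        copy = os.path.join(root, "Users", "demo", "Downloads", "Safari.app")
        for path, ident in ((real, "com.apple.Safari"), (copy, "com.example.constructed")):
            os.makedirs(os.path.join(path, "Contents"))
            with open(os.path.join(path, "Contents", "Info.plist"), "wb") as fh:
                plistlib.dump({"CFBundleIdentifier": ident}, fh)
        desktop = os.path.join(root, "Users", "demo", "Desktop")
        os.makedirs(desktop)
        with open(os.path.join(desktop, "Safari.app"), "w") as fh:
            fh.write("#!/bin/sh\n")  # constructed stand-in for a script file
        return [(os.path.relpath(p, root).replace(os.sep, "/"), i)
                for p, i in find_lookalikes(root, genuine_path=real)]

if __name__ == "__main__":
    for path, ident in demo():
        print(path, ident)
```

A bundle identifier can be set to any value by whoever builds the bundle, so the location of the item is the stronger signal; the identifier is reported only as context.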
The threat is currently still low, but the direction of several of the tactics will be unfamiliar to Mac users. This includes the use of social engineering to invoke user action. We continue to monitor and share all information as it becomes available.