…that I mentioned a day or two ago at http://macviruscom.wordpress.com/2010/04/17/hellish-mac-malware/.
There’s a little more information in Graham Cluley’s blog http://www.sophos.com/blogs/gc/g/2010/04/19/mac-backdoor-trojan-horse-discovered/ and on the Sophos information page at http://www.sophos.com/security/analyses/viruses-and-spyware/osxpinheadb.html.
While there are still no reports of in-the-wild infections, Graham notes:
It does, however, appear to have been distributed disguised as iPhoto, the photo application which ships on modern Mac computers. This is clearly an attempt to fool victims via a social engineering trick into installing the malicious code on their computers.
Kind of ironic. I was working on a presentation this morning with a slide that draws an unkind conclusion from the fact that social engineering used against Mac users almost invariably uses sex-related “hooks”.
David Harley FBCS CITP CISSP
Small Blue-Green World
AVIEN Chief Operations Officer
ESET Research Fellow & Director of Malware Intelligence
Also blogging at: