New Malicious Program HellRTS Identified
Intego, the computer anti-malware company, has spotted HellRTS.D, a new malware variant that infects Mac OS X. Once installed, this malware creates a backdoor on the system that allows hackers to take full control of the computer without attracting the user's notice, Ars Technica reported on April 19, 2010.
According to the security company, HellRTS was first found back in 2004. This new version of the malware is a Universal binary that can infect both Intel-based and PowerPC Macs. To do so, it sets up a server tied to the victim's login details, which lets the attacker access the infected machine remotely.
This variant is also capable of replicating and renaming itself so that it appears to be a legitimately installed application, which makes the malware difficult to detect. The activities this malware performs include sending spam email, downloading software, accessing files, establishing screen sharing, and copying everything from the clipboard.
While HellRTS.D isn't a worm or a virus, Intego cautions that the program may be delivered in the form of a Trojan horse. This tactic, notes the company, has been marginally effective in the past.
Furthermore, Intego points out that HellRTS can also be used as the payload of an attack that exploits a security flaw in an Internet program or a Web browser.
The company also states that the malware's infection levels are presently extremely low, since installing the backdoor requires the person doing it to have physical access to the system. However, the attack's exploit can be found on various hacker forums, where criminals can obtain it.
Meanwhile, there is no mention of delivery vectors such as spam attachments, as none has been used so far. However, the most probable mode of attack appears to be an infected file.
According to the company, although Mac-specific malware has surfaced on many occasions, the current variant belongs to a threat that has been around since 2004. This, according to Intego, would appear strange to Windows users, who are attacked with numerous variants on most days. Techworld published this on April 18, 2010.
» SPAMfighter News - 29-04-2010