Black Hat: Machiavelli - Demo rootkit for Mac OS X
On the last day of the Black Hat security conference, IT security expert Dino Dai Zovi presented his Machiavelli rootkit for Mac OS X. So far, Mac OS X users haven't been a major target for malware, however, this is yet another proof-of-concept demonstration of how malware for the Mac platform might be written.
In keeping with the "divide and conquer" principle and disguised as a Remote Procedure Call (RPC) subsystem, Machiavelli smuggles itself into the Mach kernel, the foundation of Mac OS X. It installs a local agent which, while nearly invisible to the user, can be controlled remotely via the network. Installing the rootkit requires admin rights and even Dai Zovi himself doesn't think that Machiavelli has uncovered a flaw in Mac OS X. The hacker discusses the details in his presentation titled "Advanced MAC OS X Rootkits".
Although the scheduled live demo at the Black Hat conference failed, those who are interested will apparently be able to download and install the demo rootkit for experimentation, in the near future. Dai Zovi also plans to release additional tools, for example iChatSpy (for recording iChat conversations), SSLSpy (for capturing SSL traffic) and iSightSpy (for taking pictures with the webcams integrated in Apple notebooks and displays). However, Dai Zovi has yet to confirm when the tools will be available to download.