If the option to hide extensions for known file types is enabled in the system, a user may try to open the attached "document", thus launching the Trojan. BackDoor.Macontrol.2 is especially dangerous for machines running Mac OS X Snow Leopard, since it allows programs to write into the Library folder under a user account (this is not possible under Mac OS X Lion). When launched in a compromised system, BackDoor.Macontrol.2 copies itself into the file /Library/launched and creates its configuration file ~/Library/LaunchAgents/com.apple.FolderActionsxl.plist for launch upon system start-up. The Trojan then sends to a remote control server data on the infected computer, including the operating system version, computer name, user account information, and the amount of RAM. Then the Trojan stands by and waits for instructions. Directives that can be carried out by the backdoor include system shut down, sending files to a remote server, and running the /bin/sh shell.This malware is not a danger to systems protected by Dr.Web for Mac OS X, which detects and removes the program. Doctor Web advises users to exercise caution when opening attachments to messages from unknown senders.
View the article