Just a quick note- if you used chmod to change the permissions of ARDAgent to block the privilege escalation vulnerability being used by the new trojans you should still go compress or remove it. Repairing permissions restores ARDAgent and opens the vulnerability again.

I suppose you could also make sure you don’t repair permissions, but it’s easiest to just remove it.

I removed the chmod recommendation from the TidBITS article.

Share: