Researchers at SecureMac, a company that produces security software dedicated for Mac computers, has announced that it has discovered a Trojan horse that can affect MAC OS X versions 10.4 and 10.5, commercially known as Tiger and Leopard respectively.

The Trojan horse takes benefit of a security bug of the Apple Remote Desktop Agent (ARDAgent), and allows a hacker to do send whatever commands he likes to your Mac. Among the things that a malicious user can do are taking pictures with Mac’s built-in camera, Apple iSight, erase all your files, change passwords and even program the system to perform a set of commands periodically.

The security threat, which has been classified by SecureMac as being critical, manages to avoid being recognized by the system by opening firewall ports and by disabling system logging.

A Mac user can infect his computer only if he downloads and then runs the program that contains the virus. This comes in form of a compiled AppleScript or a bundled application. According to the Mac Observer, Nicholas Raba, an employee at SecureMac, said that the name of the AppleScript is ASthtv05 and is 60 KB in size, and the name of the application bundle is AStht_v06 and is 3.1MB in size.

A few ways to protect your Mac system against this Trojan horse are enabling Remote Desktop, completely disabling ARDAgent, or removing ARDAgent from its default location and achieving it.

Both SecureMac and Intego Security have announced that they have already updated their antivirus software for the two Mac operating systems to fight back against this new malware too.