Advanced Mac OS X Rootkits released
At BlackHat USA 2009, Dino Zovi presented "Advanced Mac OS X Rootkits" covering a number of Mach-based rootkit techniques and some tools that he has developed to demonstrate them. While the majority of Mac OS X rootkits employ known and traditional Unix-based rootkit techniques, these Mach-based techniques show what else is possible using the powerful Mach abstractions in Mac OS X.
The presentation covered a number of Mach-based rootkit tools and techniques including user-mode Mach-O bundle injection, Mach RPC proxying, in-kernel RPC server injection/modification, and kernel rootkit detection.
Find here the complete article along with the source code of the rootkit.