
Condition Yellow: Fresh exploits target Mac users

More malware surfaced for the Mac last week, but it’s the usual bad news, good news scenario.

The bad news is that at least a few of the black hats of cyberspace consider Mac users worth their trouble, an unwanted side effect of the Mac’s ever-growing user base.

The good news is that none of the threats is a virus or worm that can propagate itself in the wild, something common in the Windows world. The new Mac malware consists of a couple of Trojans, programs the user must download and run, and a phishing scheme.

Thus simply exercising caution and common sense should keep the typical Mac user safe from harm.

Of the threats reported by security firms Intego and SecureMac last week, the most pernicious is OSX.Trojan.PokerStealer. The download, named “PokerGame,” looks like an ordinary application, but launching it brings up a dialog box reporting a “corrupt preference file.” The dialog requests the user’s administrator password, ostensibly to repair the corrupt file.

But instead, Intego says, the Trojan sends the user name, password and IP address to a remote server, which could enable someone to take control of the Mac remotely and damage the system, including deleting files. The prompt itself is the giveaway: preference files live in the user’s own Library folder and need no administrator password to repair, so a freshly downloaded program that asks for one has no legitimate reason to.

Intego also reported a vulnerability in ARDAgent, the agent behind Mac OS X’s Remote Management (Apple Remote Desktop) feature. Few home users bother with Remote Management, as its primary use is for IT departments to manage Macs in an office setting. However, because the agent is installed on every OS X system whether or not the feature is turned on, the issue affects all users.

Ironically enough, the best defense against this threat is to turn on Remote Management in the Sharing Preference Pane -- having the feature enabled thwarts an attack. (Intego says OS X 10.5 Leopard’s similar but unrelated Screen Sharing feature “has no effect on this vulnerability.”)

Like the PokerGame Trojan, the ARDAgent vulnerability requires significant user cooperation. The exploit depends on ARDAgent’s willingness to execute shell commands handed to it by an AppleScript, so the user must first download and run an application booby-trapped with such a script.

Because ARDAgent itself runs as root, the shell commands it is handed run as root too, giving the booby-trapped application root privileges over the system. Root privileges in OS X essentially grant the power to change or delete anything in the system. That’s a bad thing, particularly when malware’s involved.


SecureMac warned of a specific exploit based on the ARDAgent vulnerability, AppleScript.THT. The company claimed a hacker Web site has put this Trojan script in the wild with the intention of propagating it via iChat and the file-sharing application Limewire.

In addition to gaining access to a Mac system as root, SecureMac said AppleScript.THT “can log keystrokes, take pictures with the built-in iSight camera, take screenshots and turn on file sharing.”

Once again, however, the AppleScript must be downloaded and executed by the user – it doesn’t spread by itself. It may appear either as a compiled 60-kilobyte AppleScript called Asthtv05 or as a 3.1-megabyte application bundle called AStht_v06.

SecureMac further warns that once launched, AppleScript.THT “will move itself into the /Library/Caches/ folder, and add itself to the System Login Items.” Those two places are where to look if you suspect you ran it: the Login Items list in the Accounts preference pane, and the contents of /Library/Caches.
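For readers who want to check a Mac rather than take the vendors’ word for it, here is a small shell script that covers both threats described above: the ARDAgent condition (whether the agent binary runs as root, and whether Remote Management, the mitigation Intego reported, is switched on) and the AppleScript.THT indicators SecureMac lists (the Asthtv05 / AStht_v06 names in /Library/Caches and in the Login Items). It is an added example, not code from this post or from Intego or SecureMac. The ARDAgent path is assumed to be the standard location inside the Remote Management bundle, and only the file names quoted above are treated as indicators.

```shell
#!/bin/sh
# Added check script for the two Mac threats described above. It is not
# from the original post, nor from Intego or SecureMac.
#   1. ARDAgent: report whether the agent binary is setuid root, the property
#      that lets shell commands handed to it by AppleScript run as root, and
#      whether Remote Management is switched on (the mitigation Intego reported).
#   2. AppleScript.THT: look for the file names the post quotes (Asthtv05,
#      AStht_v06) in /Library/Caches and in the Login Items.
# Assumptions: the ARDAgent path below is the standard location on OS X 10.4/10.5;
# only the names quoted in the post are treated as indicators.

ARDAGENT="/System/Library/CoreServices/RemoteManagement/ARDAgent.app/Contents/MacOS/ARDAgent"
CACHE_DIR="/Library/Caches"

# Print "<mode> <owner>" for a path. ls -ld is used because its output has the
# same shape on macOS and Linux, while stat takes different flags on each.
mode_and_owner() {
    ls -ld "$1" 2>/dev/null | awk '{print $1, $3}'
}

# Exit 0 if the setuid bit is set: the 4th character of the mode is s or S.
is_setuid() {
    m=$(mode_and_owner "$1")
    case "$(printf '%s' "$m" | cut -c4)" in
        s|S) return 0 ;;
        *)   return 1 ;;
    esac
}

# Exit 0 if the file is setuid and owned by root, 1 if not, 2 if it is missing.
setuid_root() {
    [ -e "$1" ] || return 2
    is_setuid "$1" || return 1
    [ "$(mode_and_owner "$1" | awk '{print $2}')" = "root" ]
}

# Count entries directly inside a directory whose names start with the THT
# names, case-insensitively, so both Asthtv05 and AStht_v06.app are caught.
tht_indicator_count() {
    find "$1" -maxdepth 1 \( -iname 'asthtv05*' -o -iname 'astht_v06*' \) 2>/dev/null \
        | wc -l | tr -d ' '
}

# macOS only: Remote Management is on when the ARDAgent process is running.
remote_management_on() {
    ps -A -o comm= | grep -q 'ARDAgent'
}

# macOS only: print any Login Item whose name matches the THT names.
tht_in_login_items() {
    osascript -e 'tell application "System Events" to get the name of every login item' 2>/dev/null \
        | tr ',' '\n' | grep -i -E 'asthtv05|astht_v06'
}

report() {
    if setuid_root "$ARDAGENT"; then
        echo "ARDAgent is setuid root: shell commands handed to it by AppleScript run as root."
    else
        echo "ARDAgent is not setuid root (or not present)."
    fi
    if remote_management_on; then
        echo "Remote Management is on (the mitigation Intego reported)."
    else
        echo "Remote Management is off."
    fi
    echo "THT-named entries in $CACHE_DIR: $(tht_indicator_count "$CACHE_DIR")"
    tht_in_login_items && echo "THT-named entry present in Login Items."
}

# The report only makes sense on a Mac; the helper functions run anywhere.
if [ "$(uname)" = "Darwin" ]; then
    report
fi
```

Run it as an ordinary user; nothing in it needs root. A hit on the first line means the ARDAgent condition is present whether or not any Trojan has been run; a non-zero count on the /Library/Caches line or a Login Items match means the THT artifacts are actually on the machine and the file and the login entry should be removed.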

Finally, I’d like to add a Mac-specific phishing scheme I recently received in my e-mail. Targeted at .Mac subscribers, the e-mail cites a “billing problem” and provides a link for the victim to verify billing information.

[Screenshot: the .Mac phishing e-mail (PhishingMac.png)]

The link is fraudulent of course, its purpose to bamboozle unsuspecting Mac users out of their credit card information.

Some cynics last week dismissed the new malware threats as attempts on the part of Intego and SecureMac to sell unneeded security software to Mac users.

I agree to a point but nevertheless advise vigilance against falling into the traps set by the bad guys. I don’t necessarily think Mac users need to rush out and buy security software, but the more popular the Mac gets, the more of this stuff we’re going to see.

Forewarned is forearmed.

Comments

This is a social engineering attack, and social engineering attacks will always work against some percent of the population. That's how spammers and phishers stay in business.

Learn how not to be social-engineered, and you won't need to worry about being infected by the likes of these.

This is nothing more than a "user approved" and "enacted" Trojan. It's NOT a Virus, not even close.

What they are talking about is some serious approval, some downloads, BY the USER, before this will even begin to "work". So it's not a serious breach at any level.

OSX is based on UNIX so no Viruses can propagate, so it's best to ignore this "Trojan" and move on with life.

Apple will fix this small bug in the next update, but for now, it's fully benign.


About the blogger
David Zeiler follows all developments related to Apple, Inc. Having spent his early computing years on the Apple II platform, he moved to the Mac in 1993. At The Baltimore Sun he designs pages, compelled against his will to work on a Windows-based PC.