iTWire - Mac malware bends browsers to suspect sites

LuKreme kremels at kreme.com
Fri Nov 2 05:30:38 PDT 2007


On 2-Nov-2007, at 00:44, David Cake wrote:
> At 5:34 PM -0700 1/11/07, Hex Star wrote:
>> On 11/1/07, Kevin Callahan <kcall at mac.com> wrote:
>>> http://www.itwire.com/content/view/15133/53/
>>> http://www.macworld.com/2007/10/firstlooks/trojanhorse/index.php
>>
>> If a user is dumb enough to download random software off the internet,
>> extract it, run it and then enter their administrative credentials
>> then IMO they deserve to have their system owned. Everyone else is
>> safe :)
>
> 	Sure, but reporting an active attempt to exploit this variety of  
> stupid is useful and valid, and attempting to find ways to close the  
> effectiveness of the exploit is valid too.

But there is no way to close this type of hole.  As long as the user  
has admin access to the machine something like this can always happen.

> 	It's worth considering how Apple could use, say, the file system  
> events watching capabilities (FSEvents) used by Time Machine to  
> pick up odd and important changes to the file system and inform  
> users of that  - changes to the root cron tab, and changes to DNS  
> settings, are both things that I wouldn't mind being informed about  
> when they happen, even if it means I get a few alerts when it's  
> intended behaviour every now and then.

That's not a bad idea, but where do you stop?  What is considered  
'dangerous' and what is merely 'annoying'?

OK, I think changes to root's crontab are worth flagging with a, "Hey,  
we noticed this potentially critical system file changed" warning next  
time Time Machine fires up, but do we really want DNS changes to  
generate a warning?  Your DNS can change when your ISP changes your  
DHCP address, so how often is that?  Often enough that the 'warning'  
simply becomes annoying?

But the fact is, this 'trojan' is merely an annoyance.  It does no  
damage. And it's only SLIGHTLY more annoying than flash animation  
banner ads, and I don't see too many people doing anything about those.

-- 
"Give a man a fire and he's warm for a day, but set fire to him and  
he's warm for the rest of his life."
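
The trade-off raised in this message (always flag a change to root's crontab, but do not alert on routine DHCP-driven DNS changes), as an added Python example that is not part of the original post. The snapshot fields, function names and sample values are assumptions constructed for illustration; collecting the values from a live system is not shown.

```python
import hashlib

def snapshot(root_crontab, dns_servers, dhcp_offered_dns):
    """One observation of the two items discussed in the thread.
    Field names are hypothetical; collection from a live system is not shown."""
    return {
        "crontab_sha256": hashlib.sha256(root_crontab.encode()).hexdigest(),
        "dns": frozenset(dns_servers),
        "dhcp_dns": frozenset(dhcp_offered_dns),
    }

def review(prev, curr):
    """Compare two snapshots; return a list of (severity, message) tuples."""
    findings = []
    # Root's crontab rarely changes in normal use, so every change is flagged.
    if prev["crontab_sha256"] != curr["crontab_sha256"]:
        findings.append(("warn", "root crontab changed"))
    if prev["dns"] != curr["dns"]:
        unexpected = sorted(curr["dns"] - curr["dhcp_dns"])
        if not curr["dns"]:
            findings.append(("warn", "DNS servers cleared"))
        elif unexpected:
            # Resolvers the DHCP lease never offered were set some other way.
            findings.append(("warn", "DNS servers not from DHCP: " + ", ".join(unexpected)))
        else:
            # Routine lease change: record it, but do not interrupt the user.
            findings.append(("info", "DNS changed, matches DHCP lease"))
    return findings

# Constructed sample data (documentation-range addresses, placeholder cron line).
BASELINE = snapshot("", ["192.0.2.1"], ["192.0.2.1"])
LEASE_RENEWED = snapshot("", ["198.51.100.1"], ["198.51.100.1"])
TAMPERED = snapshot("* * * * * /path/to/placeholder-job\n",
                    ["203.0.113.10", "203.0.113.11"], ["198.51.100.1"])

if __name__ == "__main__":
    for label, old, new in [("lease renewal", BASELINE, LEASE_RENEWED),
                            ("tampering", LEASE_RENEWED, TAMPERED)]:
        print(label, review(old, new))
```

Only the second comparison produces warnings; the lease renewal is logged at `info` level, which keeps the alert volume low enough that a warning still means something.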



More information about the MacOSX-talk mailing list