iTWire - Mac malware bends browsers to suspect sites

Kevin Callahan kcall at mac.com
Fri Nov 2 08:55:00 PDT 2007


On Nov 2, 2007, at 5:30 AM, LuKreme wrote:

> On 2-Nov-2007, at 00:44, David Cake wrote:
>> At 5:34 PM -0700 1/11/07, Hex Star wrote:
>>> On 11/1/07, Kevin Callahan <kcall at mac.com> wrote:
>>>> http://www.itwire.com/content/view/15133/53/
>>>> http://www.macworld.com/2007/10/firstlooks/trojanhorse/index.php
>>>
>>> If a user is dumb enough to download random software off the  
>>> internet,
>>> extract it, run it and then enter their administrative credentials
>>> then IMO they deserve to have their system owned. Everyone else is
>>> safe :)
>>
>> 	Sure, but reporting an active attempt to exploit this variety of  
>> stupid is useful and valid, and attempting to find ways to close  
>> the effectiveness of the exploit is valid too.
>
> But there is no way to close this type of hole.  As long as the user  
> has admin access to the machine something like this can always happen.
>
>> 	It's worth considering how Apple could use, say, the file system  
>> events watching capabilities (FSEvents) used by Time Machine to  
>> pick up odd and important changes to the file system and inform  
>> users of that  - changes to the root cron tab, and changes to DNS  
>> settings, are both things that I wouldn't mind being informed  
>> about when they happen, even if it means I get a few alerts when  
>> it's intended behaviour every now and then.
>
> That's not a bad idea, but where do you stop?  What is considered  
> 'dangerous' and what is merely 'annoying'?
>
> OK, I think changes to root's crontab are worth flagging with a,  
> "Hey, we noticed this potentially critical system file changed"  
> warning next time Time Machine fires up, but do we really want DNS  
> changes to generate a warning?  Your DNS can change when your ISP  
> changes your DHCP address, so how often is that?  Often enough that  
> the 'warning' simply becomes annoying?
>
> But the fact is, this 'trojan' is merely an annoyance.  It does no  
> damage. And it's only SLIGHTLY more annoying than flash animation  
> banner ads, and I don't see too many people doing anything about  
> those.

I'm thinking more about the effects of the perception and that the  
rags are essentially celebrating it.

k
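
An added example, not part of the thread and not Apple's or Time Machine's code: a sketch of the alerting policy debated above, where any change to root's crontab is flagged as critical while a DNS change raises a warning only when the new resolvers were not offered by DHCP. It compares content snapshots instead of using FSEvents; the file labels, the `dhcp_offered` input and all sample data are assumptions constructed for illustration.

```python
import hashlib
import re

CRITICAL, WARN, QUIET = "critical", "warn", "quiet"


def digest(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def nameservers(resolv_conf: bytes) -> set:
    """Extract resolver addresses from resolv.conf-style text."""
    text = resolv_conf.decode(errors="replace")
    return set(re.findall(r"^\s*nameserver\s+(\S+)", text, re.M))


def classify(old: dict, new: dict, dhcp_offered: set) -> list:
    """Compare two {label: content} snapshots and grade each change.

    dhcp_offered is the set of resolvers in the current DHCP lease
    (assumed to be supplied by the caller).
    """
    alerts = []
    for name in sorted(set(old) | set(new)):
        before, after = old.get(name, b""), new.get(name, b"")
        if digest(before) == digest(after):
            continue  # unchanged
        if name == "root_crontab":
            # Rarely changes in normal use, so always worth an alert.
            alerts.append((CRITICAL, name, "root crontab changed"))
        elif name == "resolv_conf":
            # DHCP renewals change DNS legitimately; only resolvers that
            # the lease did not offer are worth interrupting the user for.
            unexpected = nameservers(after) - nameservers(before) - dhcp_offered
            if unexpected:
                detail = "resolvers not offered by DHCP: " + ", ".join(sorted(unexpected))
                alerts.append((WARN, name, detail))
            else:
                alerts.append((QUIET, name, "DNS change consistent with DHCP lease"))
    return alerts


# Constructed sample snapshots (documentation-range addresses, made-up job).
BASELINE = {"root_crontab": b"", "resolv_conf": b"nameserver 192.0.2.53\n"}
AFTER_DHCP_RENEWAL = {"root_crontab": b"", "resolv_conf": b"nameserver 198.51.100.53\n"}
AFTER_TAMPERING = {"root_crontab": b"* * * * * /path/to/unknown-job\n",
                   "resolv_conf": b"nameserver 203.0.113.7\n"}

if __name__ == "__main__":
    for snap in (AFTER_DHCP_RENEWAL, AFTER_TAMPERING):
        print(classify(BASELINE, snap, dhcp_offered={"198.51.100.53"}))
```

The quiet grade keeps routine DHCP-driven changes in a log without interrupting the user, which addresses the alert-fatigue objection raised in the thread.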


More information about the MacOSX-talk mailing list