Linked by Amjith Ramanujam on Thu 24th Jul 2008 18:01 UTC, submitted by Ward D
Bugs & Viruses Mac Antivirus developer Intego might have stumbled across an OS X specific virus being offered for auction that targets a previously unknown ZIP archive vulnerability. From Intego's posting, it appears that an enterprising auctioneer seems determined to make sure that his name is one that is not forgotten when it comes to Apple security, claiming that his exploit is a poisoned ZIP archive that will "KO the system and Hard Drive" when unarchived.
Permalink for comment 324513
To read all comments associated with this story, please click here.
RE: Hardly likely
by looncraz on Fri 25th Jul 2008 06:30 UTC in reply to "Hardly likely"
Member since:

Imagine if you will:

1. Create trojan application which acquires root privilege because the user is not suspicious.

2. Use elevated status to integrate virus with the system as tightly as possible.

3. Read e-mail addresses from the address book, and hack the e-mail program to automatically attach the trojan.

4. Wait for one hour, giving the user a chance to forget the last thin they did on the computer.

5. Ensure the next time a browser is lauched, it crashes.

6. Give the three-finger solute to the boot sector and partition table, zap holes on the cylinder boundaries.

7. Enjoy the ensuing chaos.

Naturally, though, while it is possible to do the above, these kinds of infections have problems spreading. They are devastating and draw much attention - the author will likely be caught and punished.

This is one of the real reasons why these types of infections have nearly vanished. Another big reason is that those with the know-how have discovered that they could avoid their risks and make money with ad&spy-ware - sorta mostly legally [ ;-) ].

Of course, the above steps really require knowledge of multiple issues, but only one exploit ( obtaining root ), which can be very easy thanks to general complacency in the Apple community of users.

--The loon

P.S. I run BeOS, it would be pretty easy to do my machine in - write a script which simply states rm -rf /boot/ and call it some app on BeBits :-)

Reply Parent Score: 2