Linked by Amjith Ramanujam on Thu 24th Jul 2008 18:01 UTC, submitted by Ward D
Bugs & Viruses
Mac antivirus developer Intego might have stumbled across an OS X-specific virus being offered for auction that targets a previously unknown ZIP archive vulnerability. According to Intego's posting, an enterprising auctioneer seems determined to make sure that his name is one that is not forgotten when it comes to Apple security, claiming that his exploit is a poisoned ZIP archive that will "KO the system and Hard Drive" when unarchived.
Thread beginning with comment 324403
*shrugs*
by kaiwai on Thu 24th Jul 2008 21:18 UTC
kaiwai Member since:
2005-07-06

What annoys me the most from these scare tactics is this: the mythology that is created that somehow there is Johnny Innocent User sitting there and then out of the blue he is attacked by a virus. This mythology created that somehow viruses appear out of nowhere with no way to trace it back to a single point.

End users download files, they open files, they create files - a download that has a virus in it has to have come from some place. If it is from a large profile download site - then it would be known in a second. So what does that mean? It means that when I see these people become infected I have to ask where they got these files from.

It reminds me of people who complain about vulnerabilities in software. Some require no intervention of one's own self - the Blaster worm being the best example of this. An unpatched computer only needs to appear on the internet to get infected - my aunty's computer as an example of that.

Then there are those which are propagated through websites - to which I have to ask myself - what websites are you going to that propagate these worms and viruses? They don't seem like very reputable websites if they're infecting their audience!

I'm not blaming the end user outright, but I do think that the end user needs to have a good hard look in the mirror and ask whether they're the 'weakest link' when it comes to security.

Edited 2008-07-24 21:23 UTC

Reply Score: 2

RE: *shrugs*
by WorknMan on Thu 24th Jul 2008 22:10 in reply to "*shrugs*"
WorknMan Member since:
2005-11-13

Then there are those which are propagated through websites - to which I have to ask myself - what websites are you going to that propagate these worms and viruses? They don't seem like very reputable websites if they're infecting their audience!


It could be a server that got hacked and is now infected.

I think the real question nobody is asking is this: if they spotted a guy trying to sell a virus, why didn't somebody break both of his legs? I bet the little bastard would think twice about writing another virus ;)

Reply Parent Score: 2

RE: *shrugs*
by Punktyras on Thu 24th Jul 2008 22:17 in reply to "*shrugs*"
Punktyras Member since:
2006-01-07

Then there are those which are propagated through websites - to which I have to ask myself - what websites are you going to that propagate these worms and viruses? They don't seem like very reputable websites if they're infecting their audience!


And what about sites that are/were reputable, but got pwnd and spread virii without knowing it? Sure it's an exception, but not so rare it could be neglected.

Reply Parent Score: 2

RE[2]: *shrugs*
by MobyTurbo on Thu 24th Jul 2008 22:56 in reply to "RE: *shrugs*"
MobyTurbo Member since:
2005-07-08

And what about sites that are/were reputable, but got pwnd and spread virii without knowing it? Sure it's an exception, but not so rare it could be neglected.


That's not rare at all; hundreds of thousands of sites are like that from one recent MSSQL injection attack alone. Another possibility is infected ad banners. Otherwise "reputable" ad banner networks, such as DoubleClick, sell, towards the end of the month when commission pressure is high, some malware-spreading ad banners that appear on reputable sites.

Edited 2008-07-24 22:58 UTC

Reply Parent Score: 1

RE: *shrugs*
by StephenBeDoper on Fri 25th Jul 2008 01:58 in reply to "*shrugs*"
StephenBeDoper Member since:
2005-07-06

Then there are those which are propagated through websites - to which I have to ask myself - what websites are you going to that propagate these worms and viruses? They don't seem like very reputable websites if they're infecting their audience!


In many cases I've seen, users get infected by visiting relatively innocuous sites that have been hit by SQL injection attacks. That's the main purpose of most of the SQL injection attacks I've seen recently: the attackers insert code for an invisible iframe, and the iframe source is set to load a malicious page on another site. I've also seen the same thing done with SCRIPT tags to load an external (malicious) JavaScript file.

Reply Parent Score: 2
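
The injected markup described in the comment above (an invisible iframe, or a SCRIPT tag, whose source points at another site) is something a site owner can check stored page content for. The following is an added example, not part of the original thread; the allowlist, host names and sample HTML are constructed for illustration.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

# Assumption: hosts this (hypothetical) site legitimately loads content from.
ALLOWED_HOSTS = {"www.example.com", "static.example.com"}
HIDDEN_STYLE = re.compile(r"display\s*:\s*none|visibility\s*:\s*hidden", re.I)
TINY = {"0", "1", "0px", "1px"}  # sizes that make a frame effectively invisible

def is_external(url):
    """True if url names a host that is not on the allowlist."""
    host = urlparse(url).hostname  # also resolves scheme-relative //host/path
    return host is not None and host.lower() not in ALLOWED_HOSTS

class InjectionScanner(HTMLParser):
    def __init__(self):
        super().__init__()
        self.findings = []  # (line, kind, src) tuples

    def handle_starttag(self, tag, attrs):
        a = {k: (v or "") for k, v in attrs}
        src = a.get("src", "")
        # Relative and allowlisted sources are the site's own content.
        if tag not in ("iframe", "script") or not is_external(src):
            return
        line = self.getpos()[0]
        if tag == "script":
            self.findings.append((line, "external-script", src))
            return
        hidden = (a.get("width", "").strip() in TINY
                  or a.get("height", "").strip() in TINY
                  or HIDDEN_STYLE.search(a.get("style", "")))
        kind = "hidden-iframe" if hidden else "external-iframe"
        self.findings.append((line, kind, src))

def scan(html):
    """Return findings for one stored HTML fragment (e.g. a CMS database field)."""
    s = InjectionScanner()
    s.feed(html)
    s.close()
    return s.findings

# Constructed sample: a page body with two injected tags and two legitimate ones.
SAMPLE = """<p>Welcome to our store.</p>
<iframe src="http://tracker.example.net/x.html" width="0" height="0"></iframe>
<script src="/js/site.js"></script>
<script src="//cdn.example.org/a.js"></script>
<iframe src="https://www.example.com/map" width="400" height="300"></iframe>
"""

if __name__ == "__main__":
    print(scan(SAMPLE))
```

Run over text columns exported from the site's database, any finding is a prompt to review that row and how it was written; the allowlist needs to include every third-party host the site really uses.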