[X4U] Malware for Mac...
Brett Conlon
brett_conlon at sonymusic.com.au
Tue May 10 23:41:44 PDT 2005
Stroller, wasn't it remiss of you not to warn us in your original email
that viewing this web page will install software without your consent???
I gotta ask!
Coj
Stroller <MacMonster at myrealbox.com>
On May 9, 2005, at 8:55 pm, Matt Gregory wrote:
> For newbies, like me, what kind of possible malware widgets could be
> downloaded in 10.3.9? I thought what was being pointed out was a risk
> in using dashboard, which is a 10.4 thing. I understand the "Open
> safe files" vulnerability now and will turn it off as soon as I get
> home, but I didn't think much of it because none of the "safe" file
> types seemed like possible vulnerabilities...
Try the link: <http://stephan.com/widgets/zaptastic/>
The author describes & provides more than one sample widget which
exploits this behaviour. They're all fairly benign & he describes how
to remove them.
"Ho, ho!" chortled the Macintosh users, "we'd never have to delve into
a folder like ~/Library/Widgets/ or reboot our computers to disable a
program."
I'm pretty confident that Apple will fix this in 10.4.1 - these widgets
show the sort of classic behaviour that malware has done on the PC for
several years now: persistent referrals to a marketing webpage &
pornographic images that are difficult (impossible for the uninitiated
user) to get rid of. You probably *don't* want to run the Goatse.cx
widget - it's not very pleasant. Human curiosity being what it is - I
told you so.
In some ways this isn't a Big Deal - it's easy to disable, Apple'll fix
it soon, and there are unlikely to be many serious 'sploits taking
advantage of it - but it's a great demonstration to those who say Macs
are inherently more secure than PCs.
Stroller.