IAdware Trojan aims for Macs

[pilotError]

I guess this was bound to happen sooner or later...

http://www.securityfocus.com/brief/366

Online fraudsters may be ready to put Mac users in their sights.

On Thursday, antivirus firm F-Secure published a brief analysis of a proof-of-concept adware program for the Mac OS X that could theoretically hook into any application to run attacker-specified code. The program, dubbed IAdware by F-Secure, could be silently installed in a user's account without requiring administrator rights.

"We won't disclose the exact technique used here--it's a feature not a bug--but let's just say that installing a System Library shouldn't be allowed without prompting the user," stated F-Secure in the blog post. "Especially as it only requires Copy permissions."

Vulnerability researchers have increasingly focused on finding flaws in the Mac OS. During the month of November, two serious flaws in Apple's operating system were disclosed as part of the Month of Kernel Bugs (MoKB) project. Researchers and attackers have also focused more on turning vulnerabilities into exploit code, according to a recent report published by Symantec, the owner of SecurityFocus.

The IAdware proof-of-concept code did nothing malicious, but merely opened up a browser each time an application was opened, F-Secure stated.

 

[MacBoobsPro]

I guess this was bound to happen sooner or later...

http://www.securityfocus.com/brief/366

Wasnt this a page 1 item yesterday?

 

[SMM]

So, Symantic looks for ways to defeat systems, provides the roadmap for others who probably would not have found it themselves, they create malware using it, Symantic sells us the software to combat it. These jerks have a nice thing going. It would seem like we need a law (as much as I hate new laws) making it a felony to provide enabling technology used for developing and/or distribution of malware.

 

[Swarmlord]

I hope that Apple continues to work to tighten security so that nothing gets installed without at least prompting the user.