Sidebar Sidebar
Become a MacRumors Supporter for $50/year with no ads, ability to filter front page stories, and private forums.

New OSX Trojan?

Status
Not open for further replies.
sochet

sochet

macrumors regular
Original poster
Nov 1, 2006
194
4
This maybe old news, but I've just heard that a new Trojan horse has been written for osx that exploits a security problem in Quicktime. I assume Apple will release a patch for this right?

Here's the bbc news link (and yes the link is legitimate)

http://news.bbc.co.uk/1/hi/technology/7079777.stm
 
the linked article said:
Click "ok" and enter your systems adminstrator's password and it will be installed on your computer with full system access... Of course this Trojan relies on social engineering to spread, and it does not mark a breakdown in Mac OS security or anything like that.
Click to expand...

This is not a security breach. There's nothing ANY os can do to stop the user from running software he chooses to run that already requires you to enter your administrator password in order to run.
 
motulist said:
This is not a security breach. There's nothing ANY os can do to stop the user from running software he chooses to run that already requires you to enter your administrator password in order to run.
Click to expand...

Very true but could there be a way for Quicktime to remove compatibility to the offending codec?
 
Yeah this is old news.

By the way, Quicktime 7.4 was released yesterday to address security issues. :rolleyes:
 
There's no security issue it's exploiting, and quicktime isn't involved. Infact, there IS no codec. What happens is:

- You go to the site. It pops up a window, saying that the porn you're trying to get without paying for needs a codec for quicktime.
- You then download an application that pretends to be a codec - it isn't, it's a trojan horse that gets something nasty onto your mac.
- Now, you've downloaded it, so you decide to install the application. You even trust it so much that you give it your admin password so it has full access to the system, and it installs.
Congratulations, you've now replaced the bit of software that connects your mac up with websites, and now when you go to ebay or your online bank, instead you go to a site that LOOKS normal, but is actually owned by some russian bloke who would very much like to borrow some money from your account.

Basically, there are no security breaches here at all, no holes in osx, quicktime or whatever else being exploited (not to say there are no holes - there are!). All that's being exploited is stupidity and trust.
 
sochet said:
Very true but could there be a way for Quicktime to remove compatibility to the offending codec?
Click to expand...

Oh well. Lets say a man knocks on your door. He says he is from the electricity company and needs to read your meter. You let him in, and when you don't watch, he steals everything he sees in your home.

So you are saying that the electricity company shouldn't hire this kind of crooks. Truth is, they didn't. When he said he is from the electricity company, he was lying. When this software said it was a codec for Quicktime, it was lying.
 
Status
Not open for further replies.
Register on MacRumors! This sidebar will go away, and you'll see fewer ads.
Top Bottom
Back