OSX.RSPlug.A Trojan Horse out - Page 2

icemanjc · #9 November 1st, 2007, 03:10 PM

Luckily I haven't been searching for pictures of Britney Spears or anything else like that, so I guess i'm fine. And since it doesn't spread, I dont think theres really anything to worry about.

Natobasso · #10 November 1st, 2007, 03:26 PM

spreading isn't exactly the only thing that can happen. I wonder if this virus has a back door/zombie component?

Rhisiart · #11 November 1st, 2007, 04:14 PM

Quote:

Originally Posted by fryke

So basically, if you ain't stupid, you've got nothing to worry about.

We are all sensible Mac users are we not? Surely no-one is going to be fooled by such a scam?

How about coming back a bit squiffy from the 'pub/bar/opium den' at one in the morning, and instead of being sensible and going to bed, decide to do some eBay shopping or watching YouTube videos of Dubya making an ass of himself?

As Nixgeek & Mikuro stated, just because this virus seems to be associated with porn sites right now, doesn't mean that it will stay contained within that genre of web viewing.

My point is that users may not always make sensible decisions when it comes to Mac security.

Or I am just speaking for myself here?

**fryke** · #12 November 1st, 2007, 04:40 PM

Yeah, but really. If youtube suddenly asked you to install a "codec", would you? I'm not sure.

Rhisiart · #13 November 1st, 2007, 05:03 PM

Quote:

Originally Posted by fryke

Yeah, but really. If youtube suddenly asked you to install a "codec", would you? I'm not sure.

Not now I wouldn't, thanks to personal experience and this forum's educational input over two years. But if I was a relatively new user? Well I'm not sure.

Mikuro · #14 November 1st, 2007, 05:26 PM

Would I? Probably not. But would other reasonable people? Yes, I think so.

To me, it would seem a little fishy, so I would investigate. But most exploits, on all platforms, target people who are NOT experts, who do NOT know what's "normal". Let's not confuse inexperience with stupidity.

Reasonable people sometimes get conned in the real world, too.

Now, trusting something from some random porn site...well, that is a bit stupid.

Actually, I thought of something Apple could do to alleviate this problem a bit: always provide a complete list of items any .pkg file will install. It should not be up to the pkg author to decide what details the user has access to. It wouldn't be a complete solution (since you can't expect users to understand what a file does just by its name, location, and geeky data like permissions), but it would help, anyway.

I occasionally use Pacifist to peek inside packages before installing, but I really shouldn't need to, and I certainly can't expect typical users to.

**fryke** · #15 November 1st, 2007, 08:14 PM

As you said: It wouldn't help. Think of it this way: A malicious developer of malware certainly wouldn't call the code he's trying to get installed "this.will.delete.all.your.files.app", but rather he'd talk about a codec and he'd _call_ it a codec. Maybe even with some humour. A DivXXX-codec for the porn-site, maybe.

But quite certainly, showing what a package installs wouldn't necessarily help. Even _if_ Apple would make package installation completely safe, the malicious developer then simply wouldn't _use_ Apple's package-installer. There's other ways to install stuff.