More Confirmation
I think that we are being a little short-sighted in this discussion. Sure, in this case it is a simple AppleScript that deleted the user's home directory. But as pointed out in the earlier discussions, the same thing can be achieved by a number of methods. This doesn't really concern me as much since this only affects the user downloading the malicious script. It seems very plausible that the same script could have been modified to go and get the names and email addresses of everyone in that person's address book, which could then send a message to everyone in the address book to execute something that reads, "see new photos of my vacation." Of course the sender is the person who activated the malicious script in the first place so people receiving the email would be unaware of what is going on since they believe it is coming from someone they know. The execution of the script would then be out of control. The recipients of the emails would then become the victims of this trojan horse and the process would just continue until knowledge of the script spread worldwide.
More Confirmation
> It seems very plausible that the same script could have been modified to go and get the names and email addresses of everyone in that person's address book, which could then send a message to everyone in the address book to execute something that reads, "see new photos of my vacation."

No, in fact, it does not seem very plausible. AppleScript has no native capabilities to send e-mails in the background. It would either have to script Mail, in which case the user would have to be completely blind not to notice the e-mails leaving his machine, or it would have to use "do shell script" to automate the sending of the mail through sendmail (on Jaguar) or postfix (on Panther). But both sendmail and postfix are off by default. The kind of user who would activate them is precisely the kind of user who is unlikely to get bitten by such an AppleScript.
More Confirmation
Sendmail and postfix are mail routing programs, they take an incoming mail and send it somewhere else. You can send mail without using sendmail or postfix. For example, through "do shell script" you could use the mail command or you could use the telnet command - both will work to send out e-mail.
More Confirmation
> Sendmail and postfix are mail routing programs,

Yes.

> they take an incoming mail and send it somewhere else.

Yes, but that's not all they do.

> You can send mail without using sendmail or postfix.

Locally, yes, but not across the internet on a stock OS X installation. Try it; it will fail. If it doesn't, it's because you've enabled sendmail or postfix.

> For example, through "do shell script" you could use the mail command

Not through a stock installation.

> or you could use the telnet command

By telnetting to an outgoing mail server, sure--but that requires knowledge of a compromised mail server at the time the author is writing the script or it requires him to set up such a server--and the latter activity is likely to lead authorities to him.

> So even though sendmail and postfix might not be activated you don't need them to send e-mail through the command-line.

Yes, you do, on a stock OS X installation.

> It would indeed be easy to make a self-replicating trojan out of AppleScript.

Then make a proof-of-concept. Intego will be happy to publicize it. I look forward to seeing the stories... (By the way, it couldn't be "self-replicating." AppleScript requires the user to run it; "self-replicating," in the world of viruses, etc., is confined to programs that can be activated without user intervention--simply by opening an e-mail, visiting a webpage, etc.)
From my email...
The following was sent in by an unregistered user; I thought it interesting enough to post. Everything below the hyphens is the user's text, not mine (previous replies noted by single and double bars -- |, ||).
-rob.
-------------------
|| You can send mail without using sendmail or postfix.
| Locally, yes, but not across the internet on a stock OS X installation. Try it; it will fail. If it doesn't, it's because you've enabled sendmail or postfix.
There are many mail agents out there. Most Windows mass mailing worms include their own smtp agent. For a simple mass mailer, they are trivial to write.
|| For example, through "do shell script" you could use the mail command
| Not through a stock installation.
|| or you could use the telnet command
| By telnetting to an outgoing mail server, sure--but that requires knowledge of a compromised mail server at the time the author is writing the script or it requires him to set up such a server--and the latter activity is likely to lead authorities to him.
Actually, all you need is the address of the user's smtp server which can be found in this file: ~/Library/Preferences/com.apple.mail.plist
You'd probably want to use the XML parser to extract smtp server names correctly. Of course, since a worm isn't too concerned with efficiency, trying to nslookup all strings (i.e. those things within tags) would eventually work too.
So what's the answer? Don't run anything from unknown or untrusted sources!
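Added example (not part of the thread or any poster's code): a small static triage pass over AppleScript source text that flags the capabilities debated above, so a script from an unknown source can be reviewed before it is run. It assumes the script is available as plain text; the rule names, patterns and the sample script are constructed for this example.

```python
import re

# Capabilities raised in the thread, matched anywhere in the AppleScript source.
# Rule names and patterns are this example's own, not a vendor signature set.
RULES = {
    "shell-exec": re.compile(r'\bdo\s+shell\s+script\b', re.I),
    "scripts-mail-app": re.compile(r'\btell\s+application\s+"Mail"', re.I),
    "reads-address-book": re.compile(r'\btell\s+application\s+"Address Book"', re.I),
    "reads-mail-prefs": re.compile(r'com\.apple\.mail\.plist', re.I),
}
# Commands that matter only inside the literal string given to "do shell script".
SHELL_RULES = {
    "shell-network-mail-tool": re.compile(
        r'(?<![\w.-])(mail|sendmail|telnet|nslookup)(?![\w.-])'),
    "shell-recursive-delete": re.compile(r'\brm\s+-\w*r\w*\b'),
}
SHELL_CALL = re.compile(r'do\s+shell\s+script\s+"((?:[^"\\]|\\.)*)"', re.I)


def scan(source):
    """Return (line_number, rule_name) pairs for every rule that fires."""
    findings = []
    for no, line in enumerate(source.splitlines(), 1):
        if line.strip().startswith("--"):  # AppleScript line comment
            continue
        for name, rx in RULES.items():
            if rx.search(line):
                findings.append((no, name))
        # A command built in a variable is not a literal, so only
        # "shell-exec" fires for it and the line needs manual review.
        for cmd in SHELL_CALL.findall(line):
            for name, rx in SHELL_RULES.items():
                if rx.search(cmd):
                    findings.append((no, name))
    return findings


# Constructed sample for this example, not taken from any real trojan.
SAMPLE = '''-- holiday photo viewer
display dialog "See new photos of my vacation"
tell application "Address Book" to count people
set prefs to "~/Library/Preferences/com.apple.mail.plist"
do shell script "telnet smtp.example.invalid 25"
do shell script "rm -rf ~/Pictures/cache"
'''

if __name__ == "__main__":
    for line_no, rule in scan(SAMPLE):
        print(f"line {line_no}: {rule}")
```

Any finding is a prompt to read the flagged line, not a verdict; a script with no findings can still be harmful through means these patterns do not cover.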
Copyright © 2014 IDG Consumer & SMB (Privacy Policy) Contact Us All trademarks and copyrights on this page are owned by their respective owners. |