Right, they download some infected torrent, input their password to install the program they want to install...and with it, the trojan. But they don't have to keep being in root/admin to have the now installed trojan to run.
On Fri, Apr 17, 2009 at 11:34 AM, Matthew Taylor <taylorsmatt...@gmail.com>wrote: > But they need root / admin access to install on a properly run machine. > > The trouble with trying to make things idiot proof is that idiots are so > persistent and ingenious. > > > On Apr 17, 2009, at 2:17 PM, mike wrote: > > Trouble is, these botnets don't need root to run. >> >> On Fri, Apr 17, 2009 at 10:55 AM, Matthew Taylor >> <taylorsmatt...@gmail.com>wrote: >> >> This is what is known in the UNIX world as an "honor virus". You have to >>> put in place software you know to be illegitimate and give it >>> administrative >>> access to install, or do something otherwise known to be self >>> destructive. >>> >>> If I were dumb enough to do this I could discover that shock of shock my >>> enterprise heavily firewalled role restricted servers are vulnerable. >>> >>> Got root / admin + malware = got security issue. >>> >>> Matthew >>> >>> >>> On Apr 17, 2009, at 11:18 AM, Snyder, Mark - IdM (IS) wrote: >>> >>> Mac owners who downloaded pirated ("free") versions of iWork '09 and >>> >>>> Photoshop CS4 - said to be 20,000 downloads - also received the >>>> iServices trojan. The trojan has reportedly begun to activate for DSS >>>> attacks. Details: >>>> <http://www.macnn.com/articles/09/04/17/mac.based.botnet.active/> >>>> >>>> Don't much pity those who d/l pirated software, but it is disturbing to >>>> see OS X vulnerabilities exploited (even though this trojan requires >>>> human stupidity to actually install it). >>>> >>>> Thank you, >>>> >>>> Mark Snyder >>>> >>>> >>> >>> ************************************************************************* >>> ** List info, subscription management, list rules, archives, privacy ** >>> ** policy, calmness, a member map, and more at http://www.cguys.org/ ** >>> ************************************************************************* >>> >>> >> >> ************************************************************************* >> ** List info, subscription management, list rules, archives, privacy ** >> ** policy, calmness, a member map, and more at http://www.cguys.org/ ** >> ************************************************************************* >> > > > ************************************************************************* > ** List info, subscription management, list rules, archives, privacy ** > ** policy, calmness, a member map, and more at http://www.cguys.org/ ** > ************************************************************************* > ************************************************************************* ** List info, subscription management, list rules, archives, privacy ** ** policy, calmness, a member map, and more at http://www.cguys.org/ ** *************************************************************************