Re: [NTLK] [OT] Root Kits on Mac?

From: Ed Kummel (tech_ed_at_yahoo.com)
Date: Wed Nov 09 2005 - 21:40:38 PST


Sony's root kit was rather innocuous...it really didn't do anything dangerous in and of itself to a computer...What makes it insidious is that it was written so that *ANY* file that was prefixed with $sys$ would be hidden from any attempts to discover it. This could allow a hacker to perhaps convince you to click on a download that installed $sys$keylogger.exe onto your machine and you would never know and no tools would detect it...Essentially, what Sony did was 99% of the work that crackers would have had to have done to create a stealth virus. That's what's bad about Sony's rootkit (and not to mention, improper removal could render certain devices no longer functional).
I agree with the sentiment below. I first heard of rootkits in connection with *nix machines, hence the term "root", since root is the holy grail of any *nix cracker attempt. And while I have heard of other rootkits in the wild for Windows machines, this is probably the most pervasive and the easiest for any baddie to take advantage of.
Most *nix users claim that their machines are hardened against such attacks, but with so many applications requiring root access or sudo to install, it doesn't take much to slip in a rootkit under the guise of a Pamela Anderson Strip Poker game to lose all control of your *nix machine...
Ed
web/gadget guru
http://newton.tek-ed.com (download Newton packages)
Tony Morrow <gizmo1482_at_gmail.com> wrote:
John wrote:

>I understand that Sony bundled "malware" (I believe this term may have
>been used subjectively) into some of their music CDs which errantly may
>install what could be viewed as a "root kit" to Windows machines. I'm
>wondering if anyone knows if such a scheme also exists in the Mac _OSX_
>platform, does anyone know?
>
I listened to the podcast Security Now with Steve Gibson. According to
him the first root kits were in fact made for Unix systems. Seeing as
how OS X is based on Unix, I don't see why root kits couldn't exist. If
you listen to episodes 9 and 12, Steve will go into detail about root
kits and what they do to a system.

"I'm not an expert, but I *did* stay at a Holiday Inn Express once..."
     --Holiday Inn Commercial

-- 
This is the NewtonTalk list - http://www.newtontalk.net/ for all inquiries
Official Newton FAQ: http://www.chuma.org/newton/faq/
WikiWikiNewt for all kinds of articles: http://tools.unna.org/wikiwikinewt/


This archive was generated by hypermail 2.1.5 : Thu Nov 10 2005 - 07:30:04 PST