Re: [NTLK] [OT] Root Kits on Mac?

From: Laurent Daudelin (laurent.daudelin_at_verizon.net)
Date: Thu Nov 10 2005 - 06:48:42 PST


on 10/11/05 00:40, Ed Kummel at tech_ed_at_yahoo.com wrote:

> Sony's root kit was rather innocuous...it really didn't do anything dangerous
> in and of itself to a computer...What makes it insidious is that it was
> written so that *ANY* file that was prefixed with $sys$ would be hidden from
> any attempts to discover it. This could allow a hacker to perhaps convince you
> to click on a download that installed $sys$keylogger.exe onto your machine and
> you would never know and no tools would detect it...Essentially, what Sony did
> was 99% of the work that crackers would have had to have done to create a
> stealth virus. That's what's bad about Sony's rootkit (and not to mention,
> improper removal could render certain devices no longer functional)
> I agree with the sentiment below. I first heard of rootkits in connection with
> *nix machines, hence the term "root", since root is the holy grail of any *nix
> cracker attempt. And while I have heard of other rootkits in the wild for
> Windows machines, this is probably the most pervasive and the easiest for any
> baddie to take advantage of.
> Most *nix users claim that their machines are hardened against such attacks,
> but with so many applications requiring root access or sudo to install, it
> doesn't take much to slip in a rootkit under the guise of a Pamela Anderson
> Strip Poker game to lose all control of your *nix machine...

Ed, glad to see that you're still around!

-Laurent.

-- 
============================================================================
Laurent Daudelin   AIM/iChat: LaurentDaudelin    <http://nemesys.dyndns.org>
Logiciels Nemesys Software               mailto:laurent.daudelin_at_verizon.net
copy protection n.: A class of methods for preventing incompetent pirates
from stealing software and legitimate customers from using it. Considered
silly. 
-- 
This is the NewtonTalk list - http://www.newtontalk.net/ for all inquiries
Official Newton FAQ: http://www.chuma.org/newton/faq/
WikiWikiNewt for all kinds of articles: http://tools.unna.org/wikiwikinewt/


This archive was generated by hypermail 2.1.5 : Thu Nov 10 2005 - 13:30:04 PST