On 4/14/04 8:27 AM, "Peter C.S. Adams" <[EMAIL PROTECTED]> wrote:
> Thus spake John C. Welch <[EMAIL PROTECTED]>, circa 4/14/2004 1:01 AM: >> It's a trojan...everything's vulnerable to trojans, and they're ridiculously >> easy to create if you so want. I wouldn't be getting too cocky anytime soon. > > John's right, and the fact that this is a "proof of concept" is immaterial. > It could just as easily have erased all your files. But it is true that the > ability of this type of trojan to spread is severely limited because it > needs to have its resource fork preserved through MacBinary encoding. But > the next revision (the one with real malware) could easily include its own > encoder, even its own mail engine if desired. You don't need to get that complicated. Packages give you all you need, and AppleScript studio makes it child's play > > This type of file is possible because Apple still supports the old-style > file type/creator under OS X. I would hope that Apple would move quickly to > just stop them from running unless they have the .app extension. That's not a fix either. All a malware writer has to do is bury the bad code in the bundle, and you're still screwed. Windows established that relying on the extension is a bad idea. john -- "If God lived on earth, people would break his windows." Jewish Proverb -- To unsubscribe: <mailto:[EMAIL PROTECTED]> archives: <http://www.mail-archive.com/entourage-talk%40lists.letterrip.com/> old-archive: <http://www.mail-archive.com/entourage-talk%40lists.boingo.com/>
