Thursday, November 01, 2007

drive-by pharming (kind-of) exists!

TidBITS is reporting a Mac OS X Trojan that masquerades as a QuickTime codec; the idea is that people are told to install this codec to view a sketchy video on the web, then when they do, the "codec" actually manipulates their computer's DNS settings. Very reminiscent of drive-by pharming, but more obvious than a simple CSRF.

Link to more drive-by pharming info.