
Sophos video shows Mac trojan caught in the act


Apple Mac malware: Caught on camera from Sophos Labs on Vimeo.

It's not every day that you can watch Mac malware in action, but the team at Sophos Labs has put together the demonstration video above. It shows a malicious installer downloaded from a site posing as the home of an HD video player; what the installer actually carries is the RSPlug-F trojan. Mac users still have to provide admin credentials to install the application (unlike Windows users, who might catch the Zlob malware just by visiting the webpage), but it would be perfectly natural to go ahead and authenticate after downloading an installer, and that is exactly what the attackers are counting on. The fake site and bogus application appear in two versions, one billed as MacCinema and another trading on the name of a legitimate Windows app called HDTV Player (the real app is from blazevideo.com).

RSPlug-F tries to change your DNS settings to point at attacker-controlled servers. Since every hostname lookup then passes through the attacker, you could be silently redirected to malicious or phony sites even when you type the address correctly; if your ISP is on the ball, those bogus DNS servers are already blocked, but that is not something to rely on, and the only way to be sure is to look at the resolvers your Mac is actually using (System Preferences > Network, or scutil --dns in Terminal). The trojan exploits no vulnerability: the only way to catch it is through the installer, but it's easy to see how an innocent Mac user might be fooled by the convincing-looking download site.
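As a concrete version of that check, here is an added example (it is not from the post, the video, or Sophos) that lists the resolvers a Mac is using that are not on a list you expect. On a live Mac you would pipe scutil --dns into it; the function reads standard input so it can run against the constructed sample below, in which 203.0.113.7 is a documentation address standing in for a rogue resolver (it is not an address attributed to RSPlug-F). The allowlist, a home router plus OpenDNS's two addresses, is an assumption to edit for your own network.

```shell
#!/bin/sh
# Added example, not code from the TUAW post or from Sophos: print the DNS
# resolvers a Mac is using that are NOT on an allowlist, so a DNS-changing
# trojan like the one in the video shows up even when the ISP has not blocked
# its servers.
#
# Live use on macOS:   scutil --dns | rogue_resolvers
# (networksetup -getdnsservers Wi-Fi shows only manually configured entries.)

# Assumption: the resolvers you expect to see, here the home router plus
# OpenDNS. Edit this for your own network.
ALLOWED="192.168.1.1 208.67.222.222 208.67.220.220"

# Read scutil-style output on stdin; print each nameserver not in $ALLOWED.
rogue_resolvers() {
    # scutil --dns prints lines such as "  nameserver[0] : 192.168.1.1"
    awk '/nameserver\[[0-9]+\]/ { print $NF }' | sort -u |
    while read -r ns; do
        case " $ALLOWED " in
            *" $ns "*) ;;                 # expected resolver, ignore
            *) printf '%s\n' "$ns" ;;     # anything else is suspicious
        esac
    done
}

# Return 0 if only expected resolvers are present, 1 (with a warning) otherwise.
audit_dns() {
    bad=$(printf '%s\n' "$1" | rogue_resolvers)
    if [ -n "$bad" ]; then
        printf 'WARNING: unexpected DNS resolver(s):\n%s\n' "$bad"
        return 1
    fi
    echo "DNS resolvers are as expected"
    return 0
}

# Constructed sample in the shape of scutil --dns output, after an installer
# has pointed the machine at an attacker-run resolver. 203.0.113.7 is a
# documentation address used as a stand-in, not an address tied to RSPlug-F.
SAMPLE='DNS configuration

resolver #1
  nameserver[0] : 203.0.113.7
  nameserver[1] : 192.168.1.1
  if_index : 4 (en0)
  flags    : Request A records, Request AAAA records'

# Demo run: flags 203.0.113.7 and returns non-zero.
if ! audit_dns "$SAMPLE"; then
    echo "Fix the resolvers, then find whatever put them there, or they will come back."
fi
```

Run it from cron or a login script and you get an early warning the moment the resolver list changes, which is worth more than hoping the ISP has blacklisted the right addresses. Note the second line of the warning: the sample keeps the legitimate router as a second resolver, so a quick glance at System Preferences could miss the rogue entry listed first.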

[H/T Ars Technica Infinite Loop]


27 Comments
Paul Sullivan

Does anyone know if this exploit would truly work hands-free on a Windows machine running Vista or Windows 7, or would there be a UAC prompt for administrative rights just like the "provide admin credentials" requirement on Mac OS X?

March 27 2009 at 9:17 AM
RJHD3

(unlike Windows users, who might catch the Zlob malware just by visiting the webpage)

Come on. I read TUAW for interesting, relevant, accurate articles. Not for inaccurate, ill-informed, fanboy pandering. Of all the things that Mac users have to brag about, better security in Safari is absolutely not one of them.

Safari has known, significant vulnerabilities on both the Windows and MacOS platform. While obscurity has prevented widespread exploits, it won't last forever.

To cite one of many sources on the topic:
http://voices.washingtonpost.com/securityfix/2009/03/mac_os_x_top_target_in_browser.html?hpid=sec-tech

To quote the punch-line:

Both the Firefox and Safari vulnerabilities that he proved were exploited on a Mac OS X system. The German hacker said the latest versions of both Firefox and IE take full advantage of features built in to Windows Vista that make it far more difficult to reliably exploit than on the current version of OS X. Those features, including "data execution prevention" (DEP) and "address space layout randomization," (ASLR) don't appear to be properly implemented between OS X and versions of Safari and Firefox built for that operating system, Nils said.

Next time, try to keep it informed and honest.

March 26 2009 at 8:00 PM
4 replies to RJHD3's comment
Julian_dunbar

Solution: program your router to use OpenDNS and use VLC for all your video-watching needs.

March 26 2009 at 3:55 PM
1 reply to Julian_dunbar's comment
mcdermd

Perian, Flip4Mac and Flash are all any normal OS X user should ever need.

March 26 2009 at 4:32 PM
jbelkin

This is why Flash is pointless - anything requiring a plug-in that requires updating - dumb as rocks. Anything on the web that requires users to jump through hoops is pointless ... yea, yea, and a pro burglar can break into my house in 8 weeks, point NOT taken. I'll be sure and watch my Mac if I'm in a lab at one of these virus places - otherwise, zero for 9 years and 60 million OS X users ...

March 26 2009 at 3:23 PM
uptnjeff

And what they DON'T show you is that while the .dmg may have malware attached, you'd still have to type in your password to actually install it for it to have any effect on your computer.

Granted, if it were me, I'd most likely type the password w/o a second thought, but I'd have been wary of the .exe file for sure, and would have stopped there.

Ok.. so of the BILLIONS of web sites out there, we have ONE that looks bad for Macs.

March 26 2009 at 3:23 PM
1 reply to uptnjeff's comment
michas_pi

One website is all it takes.

March 26 2009 at 8:20 PM
Kmob

If you use IE7 or Firefox, you wouldn't get the malware on a PC either. 99.9% of malware comes from installing things on a PC, just how it happens on a Mac. TUAW just doesn't want to admit that Windows has become secure now.

March 26 2009 at 2:29 PM
Tino Klumpen

I'm really sure they made this trojan themselves.
I would if I were Sophos, Intego, Symantec or Norton.
$$, and they happily lived ever after...

March 26 2009 at 2:28 PM
Erik

"...and that's why you need to be very careful what you download off the net, whether you're a Windows user or a Mac user."

While the above statement may be true in some sense, I think that it's a bit disingenuous to lump Windows and Mac OS X together in that way, as if there is a widespread epidemic of malware, downloadable from the web, that Mac users need to be wary of. That privilege belongs, almost exclusively, to Windows users.

March 26 2009 at 2:02 PM
Bryan

And someone might break into my house if I leave the keys on the door.

March 26 2009 at 2:01 PM
1 reply to Bryan's comment
rotovibe

Actually any "decent" burglar will be suspicious of a door with keys inserted. That's kinda reverse psychology. Aaaaaand maybe that's why we don't have that much of a threat with Macs: that lack of paranoia.

March 27 2009 at 2:56 AM
Adam Franke

How is this even possibly considered a virus or trojan? All it does is change DNS settings, which would have little effect anyways if you use a half decent ISP. Now Conficker, that's a damn virus. Here's what the latest version does: "Conficker.C, which surfaced earlier this month, shuts down security services, blocks computers from connecting to security Web sites, and downloads a Trojan. It also reaches out to other infected computers via peer-to-peer networking and includes a list of 50,000 different domains, of which 500 will be contacted by the infected computer on April 1 to receive updated copies or other malware or instructions. Previous Conficker variants were written to connect to 250 domains a day."

So how is that at all comparable to what the video was showing?

March 26 2009 at 1:44 PM
1 reply to Adam Franke's comment
Dave

This does fall under the category of a Trojan horse, not because of what it does but because of how it operates.

There are a lot of ISPs out there and not all of them block every malicious DNS server. By re-routing DNS requests the Trojan can essentially send the user wherever the Trojan author wants. This can lead to seemingly countless other crimes ranging from DoS attacks to identity theft.

March 26 2009 at 1:53 PM