[Mac OS X] wireshark download potential trojan? - Unix



  1. [Mac OS X] wireshark download potential trojan?

    Being lazy, I downloaded a Wireshark .dmg from

    http://mac.softpedia.com/progDownloa...oad-23340.html

    and installed.

    I just rebooted and was informed that the Wireshark copy in my startup
    items had the wrong permissions...

    Hello.


    That's got potential to be the ultimate customizable man-in-the-middle
    attack and I certainly didn't authorize it to install as a startup.


    So now, I'm stuck trying to remove every trace of Wireshark and tcpdump
    from my Mac and reinstall from the source obtained via SourceForge.


    I'll give this warning to http://mac.softpedia.com/ but for now, I'm not
    trusting anything I might download from them and neither should anyone
    else, IMHO.



    Lawson

  2. Re: [Mac OS X] wireshark download potential trojan?

    Lawson English writes:

    > That's got potential to be the ultimate customizable man-in-the-middle
    > attack and I certainly didn't authorize it to install as a startup.


    Where was this installed? Actually, in Mac OS X you should have
    permission to install startup items in your own user directory, for
    which there are two folders made specifically for these uses. You might
    check the actual contents of the Wireshark launchd plist to find out
    more information about what it is trying to do. At best, if it is an
    application with malicious intent, unless it makes use of some
    vulnerability inside the system, it should theoretically only be able to
    access files for which you yourself have access. Also, accessing
    anything of a nature that might be dangerous is probably protected by
    permissions, and so you would need to enter a password to do that.

    Of course, if this is a trojan, then it wouldn't need to do any of that,
    now would it? So, I'm curious to see what you find.

    --
    Aaron Hsu | Jabber: arcfide@jabber.org
    ``Government is the great fiction through which everybody endeavors to
    live at the expense of everybody else.'' - Frederic Bastiat
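
The check suggested in the reply above (read the launchd plist to see what it runs), sketched as an added example that is not part of either post. The plist is a constructed sample with a hypothetical label and path, and the ownership rule in `permission_findings` (root-owned, not group- or world-writable) is an assumption about what the "wrong permissions" warning refers to.

```python
import plistlib
import stat

# Constructed sample: a hypothetical launchd job, not taken from any real installer.
SAMPLE_PLIST = b"""<?xml version="1.0" encoding="UTF-8"?>
<plist version="1.0">
<dict>
    <key>Label</key><string>org.example.capture-helper</string>
    <key>ProgramArguments</key>
    <array>
        <string>/Library/Application Support/Example/helper</string>
        <string>--interface</string>
        <string>en0</string>
    </array>
    <key>RunAtLoad</key><true/>
    <key>KeepAlive</key><true/>
</dict>
</plist>
"""

def summarize_job(plist_bytes):
    """Return what a launchd job runs and when, from its plist contents."""
    job = plistlib.loads(plist_bytes)
    # launchd accepts either ProgramArguments (argv list) or a single Program path.
    argv = job.get("ProgramArguments") or ([job["Program"]] if "Program" in job else [])
    return {
        "label": job.get("Label"),
        "argv": argv,
        "runs_at_login_or_boot": bool(job.get("RunAtLoad", False)),
        "restarted_if_killed": bool(job.get("KeepAlive", False)),
        "listens_on_sockets": "Sockets" in job,
        "watches_paths": job.get("WatchPaths", []) + job.get("QueueDirectories", []),
    }

def permission_findings(mode, uid):
    """Flag ownership/mode problems on a startup file (mode and uid as from os.stat)."""
    findings = []
    if uid != 0:
        findings.append("not owned by root")
    if mode & stat.S_IWGRP:
        findings.append("group-writable")
    if mode & stat.S_IWOTH:
        findings.append("world-writable")
    return findings

if __name__ == "__main__":
    print(summarize_job(SAMPLE_PLIST))
    # Constructed stat values: a file owned by uid 501 with mode 0775.
    print(permission_findings(0o100775, 501))
```

On a real system the bytes would come from the plist file itself and the mode and uid from `os.stat` on it; the binary named in `argv` is the thing to examine next.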
