MoAB: Feh!
The Month of Apple Bugs guys wrote a (deliberately limited) piece of spyware which tracked IPs of people who ran their (pre-release) exploit sample. Then they complained because it leaked (not really a surprise here, at least).
http://applefun.blogspot.com/2007/01/canary-trap-leak-and-mole.html
People complained they were “installing root-kits”, and MoAB responded that the users did it to themselves. Well, duh! That’s how most viruses & spyware get distributed and installed, through ignorance combined with malicious intent on the part of the distributor. It doesn’t make this any less obnoxious.
On the Month of Apple Bugs, Backdoor Drama, and Why Security Researches Need Exceptional Ethics | securosis.com said,
January 11, 2007 at 6:19 pm
[...] Being on the road this week, I missed the latest drama at the Month of Apple Bugs pointed out in this post by Chris Pepper. (One thing Chris doesn’t mention is that this backdoor was only included in a pre-release version of the exploit, not the released proof of concept code). [...]
.:Computer Defense:. » Oracle to release pre-patch notifications; Drama from MOAB. said,
January 11, 2007 at 9:59 pm
[...] Secondly it seems there’s been some interesting activities spurred from the MOAB project. Apparently some “enterprising” individuals were scanning the directories where the new MOABs were being posted. To put a stop to this LMH put up a backdoored exploit ( Article 1 | Article 2 ). I’m not sure I’m impressed with this… After reading LMH’s blog post on the subject and seeing this line, “It’s just that you’ve been caught doing a rather unethical business.”, yet I would say that backdooring the “pre-release” file is much worse. There are those that would say that putting something on a public website, whether or not you provide a link to it, makes it publicly available. If you don’t want people to have it, don’t add it to the website. In the first article I linked, there was mention of MOAB saying, “We didn’t install it, the user did”… and as the first article says, this is how plenty of malware spreads… Blaming the user is just wrong. [...]