Opinion Spy: Third Look
A few clarifications.
The first look at Opinion Spy found indications that code from Brian Hill and Wolf Rentzsch was baked into the package. Brian and Wolf have of course had nothing to do with Opinion Spy, in case anyone got the wrong impression.
Wolf's injection and swizzling code is open source and published online; Brian's MacSniffer application is unrelated to the 'MacSniffer' embedded in Opinion Spy.
Brian's MacSniffer code has never been released. The code is a Cocoa wrapper for Van Jacobson's tcpdump and it's written entirely in Objective-C. The 'MacSniffer' found in Opinion Spy is written in a different language, C++. There's no relation between the two 'MacSniffers'.
The path /private/var/db/.AccessibilityAPIEnabled mentioned in the file RunPermissionResearch.sh is used by the malware but is otherwise part of the accessibility features on Mac OS X. Its presence does not indicate a system is infected with Opinion Spy.
Finally: a number of Windows fanboy sites are trying to hop on the Opinion Spy story to 'change the subject' from the story on Google abandoning Microsoft painware. Don't believe a word of it - just let them carry on. They'll wear themselves out shortly.
Remember the following from the previous article: Opinion Spy isn't a system attack and it's in no way a reflection on the security of Mac OS X or Unix in general.
System attacks that expose critical weaknesses are entirely different. You can read about one (on Windows of course) here.
Learning Curve: Opinion Spy: First Look
Learning Curve: Opinion Spy: Second Look
Learning Curve: Here Comes the Opinion Spy!