While I'm pretty impressed with your in-depth analysis, may I modestly point you to this paper

http://www.ccc.de/congress/2004/fahr...rity-paper.pdf

which, among other things, describes in 3.7 a way to fabricate something that pretty much looks like a document, yet behaves like an app.
Apple was notified by the author before publication, yet failed to see the problem. I have not checked whether, and if so, when they got it fixed. However, at least Apple Germany was kind of not amused by the publication.

Greg, in cases where someone is really out to get you, it takes a rather experienced unix admin to run a sufficiently tight ship.
They only need to find one hole, you are screwed the moment you make your first mistake.

Try to get a unix wiz you trust to look at your machines or start reading stuff like the NSA-security-guide for OS X:

http://www.nsa.gov/snac/downloads_macX.cfm

if i sounded like a prick above, i apologize (post facto) :) i was typing during a 16+ hour workday. iVoltage, you're in good hands!

Now that I feel like I'm on terra firma again with a known good, I have had time to think about the possible (likely?) intrusion from a more objective standpoint. I am really learning through all of this.

OK, now all of my passwords have been changed - they are always long and involved, anyway - I have turned my attention to recovering my "life" from a 250GB Firewire drive filled with thousands upon thousands of scattered files. I am interested in what Voldenuit has pointed out, something which I raised earlier. How the hell do I know if it's an application?

From my highly limited understanding, there is no easy way to tell. For instance, just before I pulled the modem lead, I had scanned my files with Zebra Scanner, a utility which detects applications or executable code which is not tagged thus in its file type. It seems to be an imprecise science but it's better than nothing. Especially when VirusBarrier and NAV don't bother to check.

I'm taking this one step further now. I have just compiled and configured (I know, what change a week can make) a GPG-enabled Tripwire which stenographically conceals files within an image file or suitable binary. Couldn't a Trojan do the same? Wouldn't it be fairly routine to do so? The idea makes me uncomfortable.

Despite the fact we are always told we are pretty safe from Trojans and viruses, I am not so convinced. A little social engineering, a lot of complacency and a carefully crafted Trojan could spread like wildfire, even if it wasn't technically a virus. Maybe I'm just paranoid now. Hehe.

I don't run ANY widgets, by the way. Widgets are evil. Widgets are pointless. Widgets suck. In the Book of Revelations it clearly states that widgets will herald an age of darkness. Nostradamus agreed (that's when he wasn't playing Tetris).

OK, I really better do some work. Once again, thanks a million, guys. You are priceless. I am humbled by your knowledge and appreciate you sharing it with me.

;)

i don't know if anyones mentioned this ..
 

but do you have Finder set to "calculate all file sizes"?

because i found that, inevitably, if i leave a Finder window open with that value set on, my whole system gets chunky .. i actually depend on filesizes in Finder a lot, its one of the reasons I use Finder (to manage things), if ever (most of the time it is "Quit" .. i don't leave it running, since I'm a term kinda guy on OSX anyway ..).

Just saying, anyway, if your system is chunky: make sure you haven't overlooked blaming Finder. It is a bit of a rude program at times.. still.

No, it couldn't spread like wildfire on OS X or Linux systems, although of course it could (and does, every day) on Windows systems.

Think of a disease organism, such as an infectious bacteria, that spreads by moving from person to person. But for this imaginary bacteria that we are thinking of, 90-95% of the people are immune to it. (This corresponds very roughly to a Mac virus, worm, or Trojan--roughly 90-95% of computers run something other than OS X and would be immune to OS X malware.) Because the vast vast majority of infection vectors are dead ends--they end in a person who is immune--this imaginary bacteria would only spread very very slowly, or even die out quickly as the 5% who could be infected developed immunities.

In the same way, OS X malware (when someone finally sinks low enough to write some) would of necessity spread very slowly. Because of the nature of computer viruses, etc. the anti-virus companies would have ways to fight an OS X virus long before it became an issue, just because it's spread would be so slow.

On Windows, on the other hand, malware has an approximate 90% of hosts that CAN be infected, and so Windows malware can spread very quickly.

Trevor

Confirmed
 

This actually is a trojen of some sort, either hand designed or otherwise :)

To be honset I found this out because i'm at work and my employeer has decided to bug my system.

Or I suppose I could always speak with my employeer about it, its pretty disconcerning considering they've given the abillity to moniter my system by another employee.

Details please.
By referring to "this", do you actually mean to say that you have experienced exactly the same things as described a year and a half ago by the original poster in this thread?

Probably just CarbonKeys or something. You could just use Activity Monitor and kill it, I've tried using that program, and for some reason it gets screwed up whenever you type in your keychain or login password.

Hi, just wanted to reply that I just saw the very same app "sflsharedprefsto" crawl up on my computer, too. I tried to load a bunch of bookmarks into tabs with a prerelease version of safari. Is now gone again - strange.

Update:Ok, located the problem to this url:
feed://musicthing.blogspot.com/atom.xml

Update 2: Ok, was probably a result of bothe the prerelease WebKit version and changing "Web" and RSS to this app with RCDefaultApp.