Several weeks ago, a piece of software was on the front page of digg.com. It was the Secondary Click installer – it would allow a MacBook Pro users to “right-click” or “control-click” using two fingers on the trackpad. I installed it on my MBP and it kind of works. It had an installer, it asked for my password and I had no problem installing it on my laptop.
That got me thinking about how digg or sites like digg could be used to spread viruses very easily. Digg allows the users to act as editors and the most popular stories get promoted to the front page. One of the great features of digg is how quickly a story can move from obscurity to the front page. The more interesting the story, the quicker it gets dugg. Since the users are the ones promoting the stories, there isn’t anyone really doing long-term checks and experiments on the software that gets promoted to the front page.
If someone wanted, they could put together a piece of malware that acted as a ticking time bomb. The Secondary Click installer could have easily installed the first real Mac virus by adding some terminal commands to format your hard drive a couple of days later using the password you typed in when you agreed to install Secondary Click. Now, I’m not a virus-writer so I don’t even know if this is possible, but it seems plausible to me.
People would be quite happy with the piece of software for a couple of days and it would have been promoted to the front page of digg. No one would know that anything malicious was involved until days later when the virus gets full blown. By the time anyone felt the effect of the malware it would be too late. A couple of thousand would be infected and the thing that makes sites like digg so great, pushing stories with an immediacy not found in traditional news sites, could cause plenty of problems.
As an aside: I am a big fan of digg and I check the site out several times a day. I am eagerly awaiting Digg version 3 with its new features.