funsec mailing list archives
RE: Re: mac trojan in-the-wild
From: "David Harley" <david.a.harley () gmail com>
Date: Fri, 2 Nov 2007 09:32:56 -0000
Sadly, it is not this I am worried about, but the emails which are going to follow it claiming to be from Apple's technical support and/or security group, advising the user to run the special security patch which just happens to be attached to the message in order to fix the security hole used by this trojan. And, of course, it cannot be provided via normal patching mechanisms since if the trojan is present it blocks the patch from being downloaded, et cetera.
Turns out it's not a problem at all. Apparently:

1) Mac users are more intelligent than Windows users and no Mac user will ever fall for a Trojan relying on a social engineering attack.
2) If a Mac user -does- fall for a social engineering attack, he'll deserve everything he gets.
3) Trojans don't matter because they don't replicate.
4) Hardly any Windows malware requires user intervention, so turns out that social engineering isn't a factor at all.
5) The Trojan is being hyped up by the anti-virus companies and the Mac-hating security community.
6) Anti-virus companies are classifying this particular Trojan as low-risk, so it doesn't matter.

Back in the real world, though, there are positives. Mac sites and the media have generally been treating the issue responsibly. AV companies have not hyped: in fact, they've slightly understated the issue, which isn't about the number of machines compromised by this particular Trojan (does anyone have reports of actual compromises?) but the future implications of professional interest in exploiting the Mac platform.

Most of the Mac specialist lists I'm on have been discussing the issue calmly and rationally, without the confused paranoia of the fallacies and self-contradictions listed above. Even the list where all those chestnuts have resurfaced (and some of the abuse has made me wonder about the mental health of some of the participants) has now settled down to discuss relevant administrative issues perfectly rationally.

But my main worry has never been these guys: while some of them clearly know much less about malware than they seem to think they do, they probably won't fall in huge numbers for this kind of attack. But they do have the capacity to mislead Mac users who (like most Windows users) have no idea what goes on under the hood and for whom the take-home points will be Mac safe, Windoze dangerous.
--
David Harley
AVIEN Interim Administrator: http://www.avien.org
http://www.smallblue-greenworld.co.uk
_______________________________________________
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.