Bugtraq mailing list archives
RE: mac trojan in-the-wild
From: "Alex Eckelberry" <AlexE () sunbelt-software com>
Date: Thu, 1 Nov 2007 17:47:14 -0400
I don't understand why this is being brushed off as not a big deal by so many. No, it's not a worm, it's not a virus, it's not self-replicating. It's actually a pretty simple little trojan. But this is a bit groundbreaking -- this is the first time we've seen the professional, profit-motivated malware folks move into the Mac. And like this is not a problem on Vista right now? (which has similar user messaging). The fake codecs are a plague on Windows systems. I'm not sure I would blow this off so quickly. When people want their porn, and don't know better, well... they do stupid things like install fake codecs. And here, the Mac user is made to think this is a simple Quicktime plug-in. Alex Eckelberry -----Original Message----- From: Matthew Leeds [mailto:mleeds () theleeds net] Sent: Thursday, November 01, 2007 4:57 PM To: bugtraq () securityfocus com Subject: Re: mac trojan in-the-wild Let's see now, user must: 1) Navigate to porn site 2) Download Trojan 3) Either open file or have set 'Open Safe Files...' 4) Must allow install by typing admin password Oh yeah, this will clearly hit Mac users hard, not. I don't see this as a big deal, more as Darwin in action (if you will not mind the pun). How this is a big deal is hard to see. Just a few more machines in the bot net. Now a self-replicating virus, that might be an issue, but this is a dead end. Not even a very effective drive by. ---------- ---Matthew *********** REPLY SEPARATOR *********** On 10/31/2007 at 6:21 PM Gadi Evron wrote:
For whoever didn't hear, there is a Macintosh trojan in-the-wild being dropped, infecting mac users. Yes, it is being done by a regular online gang--itw--it is not yet another proof of concept. The same gang infects Windows machines as well, just that now they also target macs. http://sunbeltblog.blogspot.com/2007/10/screenshot-of-new-mac-trojan.ht ml http://sunbeltblog.blogspot.com/2007/10/mackanapes-can-now-can-feel-pai n-of.html This means one thing: Apple's day has finally come and Apple users are going to get hit hard. All those unpatched vulnerabilities from years past are going to bite them in the behind. I can sum it up in one sentence: OS X is the new Windows 98. Investing in security ONLY as a last resort losses money, but everyone has to learn it for themselves. Gadi Evron.
Current thread:
- mac trojan in-the-wild Gadi Evron (Nov 01)
- Re: mac trojan in-the-wild Matthew Leeds (Nov 01)
- RE: mac trojan in-the-wild Alex Eckelberry (Nov 01)
- Re: mac trojan in-the-wild Nick FitzGerald (Nov 02)
- RE: mac trojan in-the-wild Thor (Hammer of God) (Nov 01)
- RE: mac trojan in-the-wild Alex Eckelberry (Nov 01)
- Re: mac trojan in-the-wild nnp (Nov 02)
- Re: [Full-disclosure] mac trojan in-the-wild Peter Besenbruch (Nov 02)
- Re: [Full-disclosure] mac trojan in-the-wild Paul Schmehl (Nov 02)
- Message not available
- Re: mac trojan in-the-wild Robert McArdle (Nov 02)
- RE: mac trojan in-the-wild Alex Eckelberry (Nov 01)
- RE: mac trojan in-the-wild Roger A. Grimes (Nov 02)
- RE: mac trojan in-the-wild Thor (Hammer of God) (Nov 02)
- RE: mac trojan in-the-wild Roger A. Grimes (Nov 02)
- Re: mac trojan in-the-wild Matthew Leeds (Nov 01)