Full Disclosure mailing list archives

Re: mac trojan in-the-wild

From: nnp <version5 () gmail com>
Date: Thu, 1 Nov 2007 15:27:55 -0700

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

There's a difference between ignoring something and making a statement like

'OS X is the new Windows 98.'

Its sensationalist and of no use, especially when posted to lists that
are supposedly populated with security experts. Everyone here is aware
of the consequences of malware and the manipulation of end users to
spread it. Of course its interesting that a criminal group has taken
to spreading this but hyping up the consequences of it do nobody any
good and is just spreading FUD. To me it seems like the original
poster is trying to get a quote in some tech/security/computer
magazine.

No one is suggesting that this the propogation of this malware amoung
macs isn't a threat and that its supposed mass spreading by a criminal
group is of course a cause for worry. What we have an issue with is
the manner in which it is reported and the hyberbole thats is becoming
more and more prevalent amoung security experts seeking to promote
themselves and their companies.

A useful post on this matter would be one that includes an analysis of
the malware itself, perhaps some statistics on its prevalence etc. i.e
hard facts

Some people would do well to remember that we are supposedly engineers
and scientists, not journalists and fiction writers.

- --nnp
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.7 (Darwin)
Comment: http://firegpg.tuxfamily.org

iD8DBQFHKrQ9bP10WPHfgnQRArr1AKDOCfTdsrq6X7HtkG7qTfmaqVoGpwCcDmtp
HvyAAKhouMDUKBe0VHAabMM=
=GzY/
-----END PGP SIGNATURE-----

On 11/1/07, Alex Eckelberry <AlexE () sunbelt-software com> wrote:

Let's not over-hype this-- while "Apple's day" has been coming, saying

that users will be "hit hard" on something the user has to

manually download, manually execute, and explicitly grant

administrative privileges to is *way* over the top.

The future of malware is going to be largely through social engineering.
Does that mean we ignore every threat that comes out because it requires
user interaction?  Seems like whistling past the graveyard to me.

Alex


-----Original Message-----
From: Thor (Hammer of God) [mailto:thor () hammerofgod com]
Sent: Thursday, November 01, 2007 8:15 PM
To: Gadi Evron; bugtraq () securityfocus com;
full-disclosure () lists grok org uk
Subject: RE: mac trojan in-the-wild

For whoever didn't hear, there is a Macintosh trojan in-the-wild being

dropped, infecting mac users.
Yes, it is being done by a regular online gang--itw--it is not yet
another proof of concept. The same gang infects Windows machines as
well, just that now they also target macs.

http://sunbeltblog.blogspot.com/2007/10/screenshot-of-new-mac-
trojan.html
http://sunbeltblog.blogspot.com/2007/10/mackanapes-can-now-can-feel-
pain-of.html

This means one thing: Apple's day has finally come and Apple users are

going to get hit hard. All those unpatched vulnerabilities from years
past are going to bite them in the behind.


Let's not over-hype this-- while "Apple's day" has been coming, saying
that users will be "hit hard" on something the user has to manually
download, manually execute, and explicitly grant administrative
privileges to is *way* over the top.

I can sum it up in one sentence: OS X is the new Windows 98. Investing

in security ONLY as a last resort losses money, but everyone has to
learn it for themselves.


Not "the new Windows 98" by a long shot - saying that is just
irresponsible.  While Apple is not used to dealing with security in the
same way that other companies are, comparing OSX to Windows 98 is not
only a huge technical inaccuracy, but you also insult MAC users out
there.  OSX had "UAC-like unprivileged user controls" way before Vista
did - let's not try to start some holy-war on this like people have
tried to do with Windows vs Linux in the past.

If you want to report this, then report it-- but say what it is, a
totally lame user-must-be-drunk "exploit" that requires that all manner
of things go wrong before it works -- otherwise people will think that
you've dressed up as Steve Gibson for Halloween.

t



-- 
http://www.smashthestack.org
http://www.unprotectedhex.com

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Current thread:

Re: mac trojan in-the-wild, (continued)
- - Re: mac trojan in-the-wild reepex (Nov 01)
- Re: mac trojan in-the-wild Steven Block (Nov 01)
  - Re: mac trojan in-the-wild Nick FitzGerald (Nov 01)
    - Re: mac trojan in-the-wild reepex (Nov 01)
    - Re: mac trojan in-the-wild Paul Schmehl (Nov 01)
    - Re: mac trojan in-the-wild reepex (Nov 01)
    - Re: mac trojan in-the-wild Nick FitzGerald (Nov 01)
  - Re: mac trojan in-the-wild Paul Schmehl (Nov 01)
- Re: mac trojan in-the-wild Thor (Hammer of God) (Nov 01)
  - Re: mac trojan in-the-wild Alex Eckelberry (Nov 01)
    - Re: mac trojan in-the-wild nnp (Nov 01)
    - Re: mac trojan in-the-wild Dude VanWinkle (Nov 01)
    - Re: mac trojan in-the-wild nnp (Nov 01)
    - Re: mac trojan in-the-wild Dude VanWinkle (Nov 02)
    - Re: mac trojan in-the-wild Adam St. Onge (Nov 01)
    - Re: mac trojan in-the-wild Paul Schmehl (Nov 01)
    - Re: mac trojan in-the-wild Jay Sulzberger (Nov 01)
    - Re: mac trojan in-the-wild Paul Schmehl (Nov 01)
    - Re: mac trojan in-the-wild Steven Adair (Nov 01)
    - Re: mac trojan in-the-wild Jay Sulzberger (Nov 01)
    - Re: mac trojan in-the-wild Jay Sulzberger (Nov 01)

(Thread continues...)