Full Disclosure mailing list archives
Re: mac trojan in-the-wild
From: "Roger A. Grimes" <roger () banneretcs com>
Date: Thu, 1 Nov 2007 20:37:00 -0400
Actually, on that same note, I recently did an analysis of the last three years of published Windows vulnerabilities. 86% required local end-user interaction (i.e. social engineering) to be pulled off. http://www.infoworld.com/article/07/10/19/42OPsecadvise-insider-threats_ 1.html I didn't analyze Linux or BSD threats, but my gut feeling puts them at the same level or even higher. With 86% or more of the past threats requiring social engineering to pull off, we can safely say the "future" you state below is here now. Now, what is interesting is that any exploit requiring social engineering to work has so far been less of a problem than the vast majority of "remote buffer overflow" exploits like the Blaster and SQL worms. Social engineering-required malware still works, and works well, but not with the same success of remote buffer overflow malware. There is very little we in the security space can point to as a success...but the overall decrease in remote buffer overflows is one. Unfortunately, the social engineering malware is getting better day-by-day. We can no longer count on mispellings (sic) and bad grammar to be malware indicators. Our users, regardless of the OS, are ready as ever to click on interesting content, malicious or not. We've got to design our defenses to pay more attention to client-side attacks, but it is the weak point now, not in the future. Roger ***************************************************************** *Roger A. Grimes, InfoWorld, Security Columnist *CPA, CISSP, CISA, MCSE: Security (2000/2003), CEH, yada...yada... *email: roger_grimes () infoworld com or roger () banneretcs com *Author of Windows Vista Security: Securing Vista Against Malicious Attacks (Wiley) *http://www.amazon.com/Windows-Vista-Security-Securing-Malicious/dp/0470 101555 ***************************************************************** -----Original Message----- From: Alex Eckelberry [mailto:AlexE () sunbelt-software com] Sent: Thursday, November 01, 2007 5:49 PM To: Thor (Hammer of God); Gadi Evron; bugtraq () securityfocus com; full-disclosure () lists grok org uk Subject: RE: mac trojan in-the-wild The future of malware is going to be largely through social engineering. Does that mean we ignore every threat that comes out because it requires user interaction? Seems like whistling past the graveyard to me. Alex _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Current thread:
- Re: mac trojan in-the-wild, (continued)
- Re: mac trojan in-the-wild Jay Sulzberger (Nov 01)
- Re: mac trojan in-the-wild Jay Sulzberger (Nov 01)
- Re: mac trojan in-the-wild Nick FitzGerald (Nov 01)
- Re: mac trojan in-the-wild Dude VanWinkle (Nov 02)
- Re: mac trojan in-the-wild J. Oquendo (Nov 02)
- Re: mac trojan in-the-wild Dude VanWinkle (Nov 02)
- Re: mac trojan in-the-wild reepex (Nov 02)
- Re: mac trojan in-the-wild Simon Smith (Nov 02)
- Re: mac trojan in-the-wild Dude VanWinkle (Nov 05)
- Re: mac trojan in-the-wild Paul Schmehl (Nov 05)
- Re: mac trojan in-the-wild Roger A. Grimes (Nov 01)
- Re: mac trojan in-the-wild Thor (Hammer of God) (Nov 01)
- Re: mac trojan in-the-wild Jay Sulzberger (Nov 01)
- the heart of the problem [was: RE: mac trojan in-the-wild] Gadi Evron (Nov 02)
- Re: [funsec] the heart of the problem [was: RE: mac trojan in-the-wild] Drsolly (Nov 02)
- Re: [funsec] the heart of the problem [was: RE: mac trojan in-the-wild] yiri (Nov 02)
- Re: the heart of the problem [was: RE: mac trojan in-the-wild] Roger A. Grimes (Nov 02)
- Re: mac trojan in-the-wild Roger A. Grimes (Nov 02)
- Re: mac trojan in-the-wild David Harley (Nov 02)
- Re: mac trojan in-the-wild Peter Besenbruch (Nov 01)
- Re: mac trojan in-the-wild Paul Schmehl (Nov 01)