Re: mac trojan in-the-wild

[Jay Sulzberger <jays () panix com>]

On Thu, 1 Nov 2007, Adam St. Onge <adamst.onge () gmail com> wrote:

> So if i put a picture of a naked girl on a website and said to see more you
> must open a terminal and enter "rm -rf".
> Would we consider this a trojan...or just stupidity?

Yes, a Trojan.  Yes, stupidity on the part of the designer of the
home system.  There should be no way to destroy so much user data
by the user just typing six characters into a terminal window.

oo--JS.


> On 11/1/07, Alex Eckelberry <AlexE () sunbelt-software com> wrote:
> > > Let's not over-hype this-- while "Apple's day" has been coming, saying
> > that users will be "hit hard" on something the user has to
> > > manually download, manually execute, and explicitly grant
> > administrative privileges to is *way* over the top.
> >
> > The future of malware is going to be largely through social engineering.
> > Does that mean we ignore every threat that comes out because it requires
> > user interaction?  Seems like whistling past the graveyard to me.
> >
> > Alex
> >
> >
> > -----Original Message-----
> > From: Thor (Hammer of God) [mailto:thor () hammerofgod com]
> > Sent: Thursday, November 01, 2007 8:15 PM
> > To: Gadi Evron; bugtraq () securityfocus com;
> > full-disclosure () lists grok org uk
> > Subject: RE: mac trojan in-the-wild
> >
> > > For whoever didn't hear, there is a Macintosh trojan in-the-wild being
> >
> > > dropped, infecting mac users.
> > > Yes, it is being done by a regular online gang--itw--it is not yet
> > > another proof of concept. The same gang infects Windows machines as
> > > well, just that now they also target macs.
> > >
> > > http://sunbeltblog.blogspot.com/2007/10/screenshot-of-new-mac-
> > > trojan.html
> > > http://sunbeltblog.blogspot.com/2007/10/mackanapes-can-now-can-feel-
> > > pain-of.html
> > >
> > > This means one thing: Apple's day has finally come and Apple users are
> >
> > > going to get hit hard. All those unpatched vulnerabilities from years
> > > past are going to bite them in the behind.
> >
> > Let's not over-hype this-- while "Apple's day" has been coming, saying
> > that users will be "hit hard" on something the user has to manually
> > download, manually execute, and explicitly grant administrative
> > privileges to is *way* over the top.
> >
> >
> >
> > > I can sum it up in one sentence: OS X is the new Windows 98. Investing
> >
> > > in security ONLY as a last resort losses money, but everyone has to
> > > learn it for themselves.
> >
> > Not "the new Windows 98" by a long shot - saying that is just
> > irresponsible.  While Apple is not used to dealing with security in the
> > same way that other companies are, comparing OSX to Windows 98 is not
> > only a huge technical inaccuracy, but you also insult MAC users out
> > there.  OSX had "UAC-like unprivileged user controls" way before Vista
> > did - let's not try to start some holy-war on this like people have
> > tried to do with Windows vs Linux in the past.
> >
> > If you want to report this, then report it-- but say what it is, a
> > totally lame user-must-be-drunk "exploit" that requires that all manner
> > of things go wrong before it works -- otherwise people will think that
> > you've dressed up as Steve Gibson for Halloween.
> >
> > t

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/