funsec mailing list archives

Re: mac trojan in-the-wild


From: "Dr. Neal Krawetz" <hf () hackerfactor com>
Date: Thu, 1 Nov 2007 11:23:50 -0600 (MDT)

I've been reading this thread and I don't understand why there is this
assumption that Mac users are lax or stoopid...

I have a Mac.  I also use Linux, BSD, Windows, and many other OS's.

Yes: there are very few malware instances for the Mac.
Yes: there is virtually no AV for the Mac.

However, I don't know any Mac users who are not also Windows users.
And every Mac user I know (in and out of the security field) is much more
cautious about their systems.  They regularly update and they don't run
software that they don't know.  They have learned these lessons from
watching (and being) Windows users.

Based on the screen shots of this trojan, you must accept the download.
One screen shot even requires you to enter your admin password.
While Windows users (particularly Vista) would do this without a second
thought, I suspect that Mac users will be more cautious and few people
will fall for it.

Mac viruses won't become wide-spread until they can auto-install and run
without human assistance (like Windows malware).

Am I missing something here?  (Beyond the Apple bashing?)

                                        -Neal
--
Neal Krawetz, Ph.D.
Hacker Factor Solutions
http://www.hackerfactor.com/
Author of "Introduction to Network Security" (Charles River Media, 2006)
and "Hacking Ubuntu" (Wiley, 2007)


On Wed Oct 31 19:27:30 2007, Gadi Evron wrote:

On Wed, 31 Oct 2007, Alex Eckelberry wrote:
I think a critical point is that for years, Mac users have looked down
upon Windows systems as being unsafe.

This has led to a false sense of security. And that's dangerous
thinking.

When I showed this trojan in action to our art director (a Mac user, of
course), he was completely shocked.

Mac users have been in a cocoon, and now they are as vulnerable as the
rest of us to social engineering attacks, which is what this is.

More vulnerable:
1. They feel secure so will take risks we won't.
2. Apple has years of unpatched issues to cope with.

It's the Windows eco-system of Windows 98 being repeated.


_______________________________________________
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.

