RE: mac trojan in-the-wild

["David Harley" <david.a.harley () gmail com>]

> While we wait for them to install AV so we can count them, 
> I'd just take the alternative - counting days until the next 
> sample shows up up to the point it becomes hours.

Indeed. The rate of take-up will be an indicator of "success" in itself. 

I notice that AV companies are actually understating the risk at the moment.
They're flagging it as low-risk. In terms of damage from this particular
Trojan it's fair enough, I suppose, but by not mentioning the real
significance/potential, they're encouraging diehard fanboyz to write it off
as a transient. I suspect that the hope is to avoid the sort of abuse
they've had in the past for flagging Mac malware. But I suspect that it
means that there won't be much in the way of stats feedback from them until
the s*tstorm, if there is one, is well underway. 

In the past, there's been a steady trickle of reports to Mac Virus (that's
the site I inherited from Susan Lesch, not the later knock-offs). I'm
planning to inject a little life into that cobweb-site over the weekend, and
if I start getting data, I'll forward it to this community (not this list,
of course.) Mac Virus has been purely a placeholder for quite a while,
though, so I don't necessarily expect much to happen.

--
David Harley
AVIEN Interim Administrator: http://www.avien.org 
http://www.smallblue-greenworld.co.uk  


_______________________________________________
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.