Re: mac trojan in-the-wild

["David Harley" <david.a.harley () gmail com>]

> Actually, on that same note, I recently did an analysis of 
> the last three years of published Windows vulnerabilities.

Thanks, Roger. That's a really useful, apposite and timely item. 

--
David Harley
AVIEN Interim Administrator: http://www.avien.org 
http://www.smallblue-greenworld.co.uk  

> 86% required local end-user interaction (i.e. social 
> engineering) to be pulled off.
> http://www.infoworld.com/article/07/10/19/42OPsecadvise-inside
r-threats_
> 1.html
>
> I didn't analyze Linux or BSD threats, but my gut feeling 
> puts them at the same level or even higher.
>
> With 86% or more of the past threats requiring social 
> engineering to pull off, we can safely say the "future" you 
> state below is here now.
>
> Now, what is interesting is that any exploit requiring social 
> engineering to work has so far been less of a problem than 
> the vast majority of "remote buffer overflow" exploits like 
> the Blaster and SQL worms.  Social engineering-required 
> malware still works, and works well, but not with the same 
> success of remote buffer overflow malware. There is very 
> little we in the security space can point to as a 
> success...but the overall decrease in remote buffer overflows 
> is one.  Unfortunately, the social engineering malware is 
> getting better day-by-day. We can no longer count on 
> mispellings (sic) and bad grammar to be malware indicators. 
> Our users, regardless of the OS, are ready as ever to click 
> on interesting content, malicious or not. We've got to design 
> our defenses to pay more attention to client-side attacks, 
> but it is the weak point now, not in the future.
>
> Roger
>
> *****************************************************************
> *Roger A. Grimes, InfoWorld, Security Columnist *CPA, CISSP, 
> CISA, MCSE: Security (2000/2003), CEH, yada...yada...
> *email: roger_grimes () infoworld com or roger () banneretcs com 
> *Author of Windows Vista Security: Securing Vista Against 
> Malicious Attacks (Wiley) 
> *http://www.amazon.com/Windows-Vista-Security-Securing-Malicio
us/dp/0470
> 101555
> *****************************************************************
>
>
> -----Original Message-----
> From: Alex Eckelberry [mailto:AlexE () sunbelt-software com] 
> Sent: Thursday, November 01, 2007 5:49 PM
> To: Thor (Hammer of God); Gadi Evron; bugtraq () securityfocus com;
> full-disclosure () lists grok org uk
> Subject: RE: mac trojan in-the-wild
>
> The future of malware is going to be largely through social 
> engineering.
> Does that mean we ignore every threat that comes out because 
> it requires
> user interaction?  Seems like whistling past the graveyard to me. 
>
> Alex

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/