funsec mailing list archives

RE: mac trojan in-the-wild


From: "Alex Eckelberry" <AlexE () sunbelt-software com>
Date: Wed, 31 Oct 2007 21:25:00 -0400

I think a critical point is that for years, Mac users have looked down
upon Windows systems as being unsafe.  

This has led to a false sense of security. And that's dangerous
thinking. 

When I showed this trojan in action to our art director (a Mac user, of
course), he was completely shocked. 

Mac users have been in a cocoon, and now they are as vulnerable as the
rest of us to social engineering attacks, which is what this is. 

Users who have been around, like Dave Harley, have dealt with the old
days of the Mac, which was virus hell. I remember it well myself --
infection was routine.  OS X is much, much better than probably anything
out there, but it's still subject to pilot error -- in this case, social
engineering.  

Let's remember that the fake media codecs are the most widespread
malware out there right now. They are a plague, because users allow the
install to watch porn. Last I checked, Mac users are human beings as
well, and are still as likely (if not more, because of the false sense
of security) to click on a download to watch a skin flick. 

I don't know if we should be running for the hills on this one, but it's a
wakeup call.  This is a milestone -- it's the first time I've seen a
professional malware group go after Mac users in an organized fashion. 

Alex

 

-----Original Message-----
From: funsec-bounces () linuxbox org [mailto:funsec-bounces () linuxbox org]
On Behalf Of Dude VanWinkle
Sent: Wednesday, October 31, 2007 8:19 PM
To: david.a.harley () gmail com
Cc: funsec () linuxbox org
Subject: Re: [funsec] mac trojan in-the-wild

On 10/31/07, David Harley <david.a.harley () gmail com> wrote:
> No worries :-)

I had evaluated AV solutions for a university and found out that
McAfee Virex did not detect Windows viruses.

> :) That's right, or was when I last administered AV for Macs.
> <survey of mine was in 2005>

> Strangely enough, the Dr Solomon's Mac product that McAfee acquired but
> ran down did, IIRC, detect BSVs, but that function was never migrated to
> Virex.

Well it's a hard sell: scanning a Mac for the hundreds of known malware
vs. scanning a Mac for hundreds of knowns that can affect the OS, plus the
66k that can't.

http://tinyurl.com/228poc

<Dude, Channeling Mr Obvious>
Also the cost to buy the talent required to find malware on Mac vs.
Windows is the same, but returns less.
</end Dude, Channeling Mr Obvious>

> Of course, I'm old and feeble, and may have misremembered some of this
> stuff. ;-)

As long as the viri don't get my Tapioca, it's all good... :-)

gindduP sekiL --> http://tinyurl.com/6p3l4 <-- Likes Pudding

I thought this was just standard operating procedure for AV, as scanning
every OS for every virus might be too CPU intensive for an app.

> Most Windows AV doesn't check for Mac stuff, though most detect some
> *n*x stuff. But some of the vendors with a Mac product do, or did.
> Sophos and Symantec used to, and probably still do, but it's a while
> since I needed to check these things.

I was disappointed as lots of users with Macs would scan on a Mac and
then think a file was safe to share. Still, the bigger disappointment was
that the GDI vulns might have been detected if they had done what the
VX'ers had and ported some exploits (detection) from Unix to Windows...

If I could just help convince one RBN engineer to code and backport more
malware to be cross platform in order to help out with AV-ROI like this
nice fellow: http://tinyurl.com/3x6mqg, we might live in a better world.

-JP<after grabbing his coat and leaving, has to return for his galoshes
_______________________________________________
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.