funsec mailing list archives
RE: mac trojan in-the-wild
From: "Alex Eckelberry" <AlexE () sunbelt-software com>
Date: Wed, 31 Oct 2007 21:25:00 -0400
I think a critical point is that for years, Mac users have looked down upon Windows systems as being unsafe. This has led to a false sense of security. And that's dangerous thinking.

When I showed this trojan in action to our art director (a Mac user, of course), he was completely shocked. Mac users have been in a cocoon, and now they are as vulnerable as the rest of us to social engineering attacks, which is what this is.

Users who have been around, like Dave Harley, have dealt with the old days of the Mac, which was virus hell. I remember it well myself -- infection was routine. OS X is much, much better than probably anything out there, but it's still subject to pilot error -- in this case, social engineering.

Let's remember that the fake media codecs are the most widespread malware out there right now. They are a plague, because users allow the install to watch porn. Last I checked, Mac users are human beings as well, and are still as likely (if not more, because of the false sense of security) to click on a download to watch a skin flick.

I don't know if we should be running for the hills on this one, but it's a wakeup call. This is a milestone -- it's the first time I've seen a professional malware group go after Mac users in an organized fashion.

Alex

-----Original Message-----
From: funsec-bounces () linuxbox org [mailto:funsec-bounces () linuxbox org] On Behalf Of Dude VanWinkle
Sent: Wednesday, October 31, 2007 8:19 PM
To: david.a.harley () gmail com
Cc: funsec () linuxbox org
Subject: Re: [funsec] mac trojan in-the-wild

On 10/31/07, David Harley <david.a.harley () gmail com> wrote:
No worries :-)

I had evaluated av solutions for a university and found out that McAfee Virex did not detect windows viruses. :)

That's right, or was when I last administered AV for Macs.
<survey of mine was in 2005>
Strangely enough, the Dr Solomon's Mac product that McAfee acquired but ran down
did, IIRC, detect BSVs, but that function was never migrated to Virex.
Well it's a hard sell: scanning a mac for the hundreds of known malware vs. scanning a mac for 100's of knowns that can affect the OS, plus the 66k that can't. http://tinyurl.com/228poc

<Dude, Channeling Mr Obvious> Also the cost to buy the talent required to find malware on mac vs windows costs the same, but returns less. </end Dude, Channeling Mr Obvious>
Of course, I'm old and feeble, and may have misremembered some of this
stuff.
;-)
As long as the viri don't get my Tapioca, it's all good... :-)

gindduP sekiL --> http://tinyurl.com/6p3l4 <-- Likes Pudding
I thought this was just standard operating procedure for AV, as scanning every OS for every virus might be too CPU intensive for an app.

Most Windows AV doesn't check for Mac stuff, though most detect some *n*x stuff. But some of the vendors with a Mac product do, or did. Sophos and Symantec used to, and probably still do, but it's a while since I needed to check these things.
I was disappointed as lots of users with mac's would scan on a mac and then think a file was safe to share. Still the bigger disappointment was that the GDI vulns might have been detected if they had done what the VX'ers had and ported some exploits (detection) from unix to windows...

If I could just help convince one RBN engineer to code and backport more malware to be cross platform in order to help out with AV-ROI like this nice fellow: http://tinyurl.com/3x6mqg, we might live in a better world.

-JP<after grabbing his coat and leaving, has to return for his galoshes
_______________________________________________
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.