funsec mailing list archives

RE: mac trojan in-the-wild


From: Nick FitzGerald <nick () virus-l demon co uk>
Date: Thu, 01 Nov 2007 17:06:13 +1300

Larry Seltzer wrote:

> It just blows me away that nobody's bothered to mount a concerted attack
> yet,

Traditionally we have talked in terms of ROI.

After the "bad old days" of Mac viruses (including the first "data 
viruses") the _very_ occasional piece of Mac malware had the, ahem 
"advantage" of making quite a media splash even if it never actually 
made it "in the wild".  To the malware author, the ROI was not so much 
getting a media headline of the "worst/fastest/biggest" kind but more 
of boasting rights for a "first" (no matter how puerile).

When these odd (usually really just PoC) malwares appeared, the Mac 
fanboyz went into overdrive expending huge effort denying that these 
examples showed their historically moronic view of Macs as "virus 
proof", etc, etc and more latterly "designed secure", etc, etc were 
clearly, at a minimum, gravely flawed...

Historically we have tended to say that Mac OS would have to achieve 
(possibly much) greater market share before it would ever start to look 
like it was worth the malware writers' efforts.  However, with Windows 
int-duh-net users possibly approaching malware infestation saturation, 
how bad can the ROI of whipping up a few simple scripts into an OS X 
installer, packaging that up as a disk image and tweaking a few malware 
web server scripts to serve the Mac version to "suitable" browser user 
agent clients really look?

Sure, it may only pull a few hundred more victims, but that's money for 
jam in the brave new world of organized crime-ware...

> ... but once it comes it's going to be smallpox and the native
> americans all over again. Mac users have been trained to think they're
> invulnerable.

Yep -- the unconscionable leading the (largely) ineducable.

Mac fanboyz have a lot to answer for...


Regards,

Nick FitzGerald

_______________________________________________
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.

