funsec mailing list archives

Re: mac trojan in-the-wild


From: "Dude VanWinkle" <dudevanwinkle () gmail com>
Date: Thu, 1 Nov 2007 17:51:47 -0400

On 11/1/07, Dr. Neal Krawetz <hf () hackerfactor com> wrote:
> I've been reading this thread and I don't understand why there is this
> assumption that Mac users are lax or stoopid...

Well, let's say overconfident or cocksure. Maybe Stoolax or Loopid :-)

> I have a Mac.  I also use Linux, BSD, Windows, and many other OS's.
>
> Yes: there are very few malware instances for the Mac.
> Yes: there is virtually no AV for the Mac.

Do:  ClamXav, Norton AntiVirus 10.1.2,  MacScan 2.5, Sophos Anti-Virus
4.8.13, VirusBarrier X4 10.4.4, and McAfee VirusScan 8.5 count?

> However, I don't know any Mac users who are not also Windows users.

You don't know any Linux admins who use Macs as their desktop and avoid
anything MS? I bet there are more than a few on this list.

> And every Mac user I know (in and out of the security field) are much more
> cautious about their systems.  They regularly update and they don't run
> software that they don't know.  They have learned these lessons from
> watching (and being) Windows users.
> Based on the screen shots of this trojan, you must accept the download.
> One screen shot even requires you to enter your admin password.

People will fall for it. If they will put their CC# and SSN into an
email or give their account and routing numbers to Barrister John Ade,
they will fall for this.

If the trojan didn't need you to accept the download, enter a
password, or do anything at all we would call it a worm. I am
confident that with some finagling, someone with more skills than me
could distribute this trojan via a Safari bug with some local
privilege escalation or some such, eliminating the need for the user to
enter a password.

> While Windows users (particularly Vista) would do this without a second
> thought, I suspect that Mac users will be more cautious and few people
> will fall for it.

There is a sucker born every minute, and since a fool and his money
are soon parted, I doubt the suckers can afford a Mac :-)

Seriously though, thinking Mac users are generally smarter than
everyone else is just wrong. We wouldn't need Mac IT support if the
users knew how to admin their stuff.

> Mac viruses won't become wide-spread until they can auto-install and run
> without human assistance (like Windows malware).

Windows malware does require assistance. You have to browse to a
website, view a picture, read an email, inhale, exhale, etc, etc, etc.
Given, this is not much human assistance but it's pretty damn hard to
get win32 malware to auto install anymore.

> Am I missing something here?  (Beyond the Apple bashing?)

iPhone bashing :-)

> On Wed Oct 31 19:27:30 2007, Gadi Evron wrote:
>
> On Wed, 31 Oct 2007, Alex Eckelberry wrote:
> It's the Windows eco-system of Windows 98 being repeated.

I would say Gadi was off a bit. I think the iPhone + Safari is the new
Windows 9x + IE. I would bet that we will see iPhone



-JP
_______________________________________________
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.

