funsec mailing list archives
Re: mac trojan in-the-wild
From: "Dude VanWinkle" <dudevanwinkle () gmail com>
Date: Thu, 1 Nov 2007 17:51:47 -0400
On 11/1/07, Dr. Neal Krawetz <hf () hackerfactor com> wrote:

> I've been reading this thread and I don't understand why there is this assumption that Mac users are lax or stoopid...

Well, let's say overconfident or cocksure. Maybe Stoolax or Loopid :-)

> I have a Mac. I also use Linux, BSD, Windows, and many other OS's. Yes: there are very few malware instances for the Mac. Yes: there is virtually no AV for the Mac.

Do: ClamXav, Norton AntiVirus 10.1.2, MacScan 2.5, Sophos Anti-Virus 4.8.13, VirusBarrier X4 10.4.4, and McAfee VirusScan 8.5 count?

> However, I don't know any Mac users who are not also Windows users.

You don't know any Linux admins who use Macs as their desktop and avoid anything MS? I bet there are more than a few on this list.

> And every Mac user I know (in and out of the security field) is much more cautious about their systems. They regularly update and they don't run software that they don't know. They have learned these lessons from watching (and being) Windows users. Based on the screen shots of this trojan, you must accept the download. One screen shot even requires you to enter your admin password.

People will fall for it. If they will put their CC# and SSN into an email or give their account and routing numbers to Barrister John Ade, they will fall for this. If the trojan didn't need you to accept the download, enter a password, or do anything at all we would call it a worm. I am confident that with some finagling, someone with more skills than me could distribute this trojan via a Safari bug with some local privilege escalation or some such, eliminating the need for the user to enter a password.

> While Windows users (particularly Vista) would do this without a second thought, I suspect that Mac users will be more cautious and few people will fall for it.

There is a sucker born every minute, and since a fool and his money are soon parted, I doubt the suckers can afford a Mac :-) Seriously though, thinking Mac users are generally smarter than everyone else is just wrong. We wouldn't need Mac IT support if the users knew how to admin their stuff.

> Mac viruses won't become wide-spread until they can auto-install and run without human assistance (like Windows malware).

Windows malware does require assistance. You have to browse to a website, view a picture, read an email, inhale, exhale, etc, etc, etc. Given, this is not much human assistance but it's pretty damn hard to get win32 malware to auto install anymore.

> Am I missing something here? (Beyond the Apple bashing?)

iPhone bashing :-)

> On Wed Oct 31 19:27:30 2007, Gadi Evron wrote:
> On Wed, 31 Oct 2007, Alex Eckelberry wrote:
> It's the Windows eco-system of Windows 98 being repeated.

I would say Gadi was off a bit. I think the iPhone + Safari is the new Windows 9x + IE. I would bet that we will see iPhone

-JP
_______________________________________________
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.