funsec mailing list archives

RE: Re: mac trojan in-the-wild


From: "David Harley" <david.a.harley () gmail com>
Date: Fri, 2 Nov 2007 09:32:56 -0000

Sadly, it is not this I am worried about, but the emails 
which are going to follow it claiming to be from Apple's 
technical support and/or security group, advising the user to 
run the special security patch which just happens to be 
attached to the message in order to fix the security 
hole used by this trojan.  And, of course, it cannot be 
provided via normal patching mechanisms since if the trojan 
is present it blocks the patch from being downloaded, et cetera.

Turns out it's not a problem at all. Apparently:

1) Mac users are more intelligent than Windows users and no Mac user will ever
fall for a Trojan relying on a social engineering attack.
2) If a Mac user -does- fall for a social engineering attack, he'll deserve
everything he gets.
3) Trojans don't matter because they don't replicate. 
4) Hardly any Windows malware requires user intervention, so turns out that
social engineering isn't a factor at all. 
5) The Trojan is being hyped up by the anti-virus companies and the
Mac-hating security community.
6) Anti-virus companies are classifying this particular Trojan as low-risk,
so it doesn't matter. 

Back in the real world, though, there are positives. Mac sites and the media
have generally been treating the issue responsibly. AV companies have not
hyped: in fact, they've slightly understated the issue, which isn't about
the number of machines compromised by this particular Trojan (does anyone
have reports of actual compromises?) but the future implications of
professional interest in exploiting the Mac platform. Most of the Mac
specialist lists I'm on have been discussing the issue calmly and
rationally, without the confused paranoia of the fallacies and
self-contradictions listed above. Even the list where all those chestnuts
have resurfaced (and some of the abuse has made me wonder about the mental
health of some of the participants) has now settled down to discuss relevant
administrative issues perfectly rationally. But my main worry has never been
these guys: while some of them clearly know much less about malware than
they seem to think they do, they probably won't fall in huge numbers for
this kind of attack. But they do have the capacity to mislead Mac users who
(like most Windows users) have no idea what goes on under the hood and
for whom the take-home points will be Mac safe, Windoze dangerous.

--
David Harley
AVIEN Interim Administrator: http://www.avien.org 
http://www.smallblue-greenworld.co.uk  


_______________________________________________
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.

