Open Source and information security mailing list archives
 
Message-ID: <27C4CD168204684589EC07B2BCFA9CFE0723C75F@hurricane.ssdcorp.net>
Date: Thu, 1 Nov 2007 17:47:14 -0400
From: "Alex Eckelberry" <AlexE@...belt-software.com>
To: <mleeds@...leeds.net>, <bugtraq@...urityfocus.com>
Subject: RE: mac trojan in-the-wild

I don't understand why this is being brushed off as not a big deal by so
many. 

No, it's not a worm, it's not a virus, it's not self-replicating.  It's
actually a pretty simple little trojan.  

But this is a bit groundbreaking -- this is the first time we've seen
the professional, profit-motivated malware folks move into the Mac.   

And like this is not a problem on Vista right now?  (which has similar
user messaging). 

The fake codecs are a plague on Windows systems.  

I'm not sure I would blow this off so quickly.  When people want their
porn, and don't know better, well... they do stupid things like install
fake codecs. And here, the Mac user is made to think this is a simple
QuickTime plug-in.

Alex Eckelberry


-----Original Message-----
From: Matthew Leeds [mailto:mleeds@...leeds.net] 
Sent: Thursday, November 01, 2007 4:57 PM
To: bugtraq@...urityfocus.com
Subject: Re: mac trojan in-the-wild

Let's see now, user must:

1) Navigate to porn site
2) Download Trojan
3) Either open file or have set 'Open Safe Files...'
4) Must allow install by typing admin password

Oh yeah, this will clearly hit Mac users hard, not. I don't see this as
a big deal, more as Darwin in action (if you will not mind the pun). How
this is a big deal is hard to see. Just a few more machines in the bot
net.

Now a self-replicating virus, that might be an issue, but this is a dead
end. Not even a very effective drive by.

----------
---Matthew
*********** REPLY SEPARATOR  ***********

On 10/31/2007 at 6:21 PM Gadi Evron wrote:

>For whoever didn't hear, there is a Macintosh trojan in-the-wild being 
>dropped, infecting mac users.
>Yes, it is being done by a regular online gang--itw--it is not yet 
>another proof of concept. The same gang infects Windows machines as 
>well, just that now they also target macs.
>
>http://sunbeltblog.blogspot.com/2007/10/screenshot-of-new-mac-trojan.html
>http://sunbeltblog.blogspot.com/2007/10/mackanapes-can-now-can-feel-pain-of.html
>
>This means one thing: Apple's day has finally come and Apple users are 
>going to get hit hard. All those unpatched vulnerabilities from years 
>past are going to bite them in the behind.
>
>I can sum it up in one sentence: OS X is the new Windows 98. Investing 
>in security ONLY as a last resort loses money, but everyone has to 
>learn it for themselves.
>
>Gadi Evron.


