| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Fri, 02 Nov 2007 12:36:57 +1300 From: Nick FitzGerald <nick@...us-l.demon.co.uk> To: bugtraq@...urityfocus.com Subject: Re: mac trojan in-the-wild Matthew Leeds wrote: > Let's see now, user must: > > 1) Navigate to porn site > 2) Download Trojan > 3) Either open file or have set 'Open Safe Files...' > 4) Must allow install by typing admin password > > Oh yeah, this will clearly hit Mac users hard, not. I don't see this > as a big deal, more as Darwin in action (if you will not mind the > pun). How this is a big deal is hard to see. Just a few more > machines in the bot net. Depends on how you define "hard". It certainly will be "hard" for each of its victims. And it is "hard" in the sense that Mac fanboyz are so busy denying that this could ever be an issue that they will collectively have a lot of egg on their face for each successful Mac installation it gets. "hard" as in "mass infestation" -- almost certainly not, but then that's not how these things work. Have you _any_ idea of the size of business behind these "DNS changer" Trojans? A recent presentation I saw showed that one of these operations is clearly making enough money to run _hundreds_ of servers, hosted at nice, respectable major hosting services. That's pretty "hard" too... > Now a self-replicating virus, that might be an issue, ... Oh, come on now -- don't tell me you think Macs are virus proof? Care to elaborate on why self-replicating code on OS X would be especially noteworthy? (Let me give you some advice before you try. Go read the relevant literature. And another hint -- it starts with a chap named Cohen and you really only need to understand one or two of his papers or his Ph.D. thesis to realize why taking on this challenge would, for the rest of us, be a good laugh at your expense...) > ... but this is a > dead end. ... ...depending on your definition of "dead". Clearly yours is based on something so far out of touch with the real world of "typical users" that it really was not worth the effort you expended writing about it. Or did you mean "helping organized crime make it's next few millions"? > ... Not even a very effective drive by. Hey -- something we agree on! But then, it is clearly NOT a drive by nor ever intended to be one, so I guess it being a completely ineffective one is not that surprising... It is on sites that folks will have actively sought out, either through choosing to follow spammed links or from (dubious) search engines results, etc, etc. There is NO code on either the Mac- or Windows-specific "download" pages that tries to automatically exploit anything. The whole thing is designed to appeal purely to human gullibility. It's called "social engineering" and your obvious cluelessness about it means you are a prime candidate for being taken in by some form of it (not by _this_ form obviously, but by some other form -- this kind of specialist ignorance is behind well-considered physicists and mathematicians being taken in by demonstrations of "paranormal ability" that professional magicians always see through). Regards, Nick FitzGerald
Powered by blists - more mailing lists