[<prev] [next>] [day] [month] [year] [list]
Message-ID: <51a898650711020342x1230f57ev392a84cbbd72551a@mail.gmail.com>
Date: Fri, 2 Nov 2007 10:42:10 +0000
From: "Robert McArdle" <robertmcardle@...il.com>
To: "Alex Eckelberry" <AlexE@...belt-software.com>
Cc: "Thor (Hammer of God)" <thor@...merofgod.com>,
"Gadi Evron" <ge@...uxbox.org>, bugtraq@...urityfocus.com,
full-disclosure@...ts.grok.org.uk
Subject: Re: mac trojan in-the-wild
NOTE: Resending this was blocked last time.
Profit-driven malware has gotten very good at using Social Engineering
(backed up with Exploits) to spread itself. Zlob and it Codecs are one
particular example that has worked very well on Windows, even by
simply getting the user to install the software willingly. The
Storm/Zhelatin/Russian Business Network group however are by far the
best at this. They have shown time and time the power of simple Social
Engineering in order to infect victims machines. Zlob may have been
the first for profit malware to make the jump, but if it proves
profitable it will not be long before the others follow.
Robert McArdle
--
www.RobertMcArdle.com/blog/ - Techie/Security/Inane Ramblings
>
>
>
>
>
>
> On Nov 1, 2007 9:49 PM, Alex Eckelberry < AlexE@...belt-software.com> wrote:
>
> >
> > > Let's not over-hype this-- while "Apple's day" has been coming, saying
> > that users will be "hit hard" on something the user has to
> > > manually download, manually execute, and explicitly grant
> > administrative privileges to is *way* over the top.
> >
> > The future of malware is going to be largely through social engineering.
> > Does that mean we ignore every threat that comes out because it requires
> > user interaction? Seems like whistling past the graveyard to me.
> >
> > Alex
> >
> >
> >
> >
> >
> > -----Original Message-----
> > From: Thor (Hammer of God) [mailto:thor@...merofgod.com]
> > Sent: Thursday, November 01, 2007 8:15 PM
> > To: Gadi Evron; bugtraq@...urityfocus.com;
> > full-disclosure@...ts.grok.org.uk
> > Subject: RE: mac trojan in-the-wild
> >
> > > For whoever didn't hear, there is a Macintosh trojan in-the-wild being
> >
> > > dropped, infecting mac users.
> > > Yes, it is being done by a regular online gang--itw--it is not yet
> > > another proof of concept. The same gang infects Windows machines as
> > > well, just that now they also target macs.
> > >
> > > http://sunbeltblog.blogspot.com/2007/10/screenshot-of-new-mac-
> > > trojan.html
> > > http://sunbeltblog.blogspot.com/2007/10/mackanapes-can-now-can-feel-
> > > pain-of.html
> > >
> > > This means one thing: Apple's day has finally come and Apple users are
> >
> > > going to get hit hard. All those unpatched vulnerabilities from years
> > > past are going to bite them in the behind.
> >
> > Let's not over-hype this-- while "Apple's day" has been coming, saying
> > that users will be "hit hard" on something the user has to manually
> > download, manually execute, and explicitly grant administrative
> > privileges to is *way* over the top.
> >
> >
> >
> > > I can sum it up in one sentence: OS X is the new Windows 98. Investing
> >
> > > in security ONLY as a last resort losses money, but everyone has to
> > > learn it for themselves.
> >
> > Not "the new Windows 98" by a long shot - saying that is just
> > irresponsible. While Apple is not used to dealing with security in the
> > same way that other companies are, comparing OSX to Windows 98 is not
> > only a huge technical inaccuracy, but you also insult MAC users out
> > there. OSX had "UAC-like unprivileged user controls" way before Vista
> > did - let's not try to start some holy-war on this like people have
> > tried to do with Windows vs Linux in the past.
> >
> > If you want to report this, then report it-- but say what it is, a
> > totally lame user-must-be-drunk "exploit" that requires that all manner
> > of things go wrong before it works -- otherwise people will think that
> > you've dressed up as Steve Gibson for Halloween.
> >
> > t
> >
>
>
>
> --
> www.RobertMcArdle.com/blog/ - Techie/Security/Inane Ramblings
--
www.RobertMcArdle.com/blog/ - Techie/Security/Inane Ramblings
Powered by blists - more mailing lists