Message-ID: <27F60BA59939F4A0A19FACD5@utd59514.utdallas.edu>
Date: Thu, 01 Nov 2007 16:10:49 -0500
From: Paul Schmehl <pauls@...allas.edu>
Cc: full-disclosure@...ts.grok.org.uk, bugtraq@...urityfocus.com
Subject: Re: mac trojan in-the-wild
--On Thursday, November 01, 2007 13:27:07 -0600 Steven Block
<scblock@...15.com> wrote:
> You're an idiot.
>
> Save this as a script and run it, it will give you unlimited power:
>
># !/bin/sh
> sudo rm -rf /
>
> Enter your password if you are prompted.
>
> Oh look, malware.

If you don't think this is an issue, you're not very aware of what's going
on these days. The vast majority of present successful attacks on Windows
are not exploiting vulnerabilities in Windows but taking advantage of the
gullibility of users.

There is no reason to believe that Mac users will be any less gullible than
Windows users and plenty of reason to believe they will be less aware of
the potential pitfalls of social engineering, because, until now, they
haven't been targeted.

This attack is real and will be successful to the degree that Mac users
fall for the fake codec scam. This same scam has worked quite well on
Windows users and patch level, etc. is irrelevant. The only chance a
gullible person has is *if* they are running anti-virus software and *if*
that software detects this malware and *if* they pay attention to the
warnings and do not install the "codec".

How many people who own/use Macs even have anti-virus software installed,
much less up to date?

Yes, *you* might not fall for it. Plenty of people have and will continue
to do so, just as they fall for 419 scams and all the other crap the bad
guys inundate them with.

Judging by the reactions of Mac (and some security) "experts", this attack
should be wildly successful.

--
Paul Schmehl (pauls@...allas.edu)
Senior Information Security Analyst
The University of Texas at Dallas
http://www.utdallas.edu/ir/security/