Home page logo

fulldisclosure logo Full Disclosure mailing list archives

Re: mac trojan in-the-wild
From: Peter Besenbruch <prb () lava net>
Date: Thu, 1 Nov 2007 15:36:00 -1000

On Thursday 01 November 2007 11:49:09 Alex Eckelberry wrote:

The future of malware is going to be largely through social engineering.
Does that mean we ignore every threat that comes out because it requires
user interaction?  Seems like whistling past the graveyard to me.

Alex, no-one is saying we should ignore it. I would say we downgrade the level 
of threat if it requires user interaction. If it requires a lot of 
interaction to launch the threat, we downgrade it some more.

Apple is faced with a significant design flaw in OS-X: You can have trusted 
file types auto-execute when downloaded in Safari. This is an old problem, 
partially mitigated by Apple in later versions of the OS. This has been 
coupled with the ancient scam of the fake CODEC.

The one unique aspect of this attack is the target, Apple users. I suppose 
Linux users are next. When they get targeted, I will be ready. I don't 
typically browse porn sites, so I see a greater danger in targeted attacks 
from third party advertisers. Of course, these tend to target drive by 
download flaws in Windows, but I'll be ready. I suppose, though, that other 
Linux users browse porn. I can see it now...

Firefox throws up a download dialog, asking what I should do 
with "prettyyoungthing.rpm," while a Javascript pop-up explains that to see 
these great images, I need to save the file, and type "rpm -i 
prettyyoungthing.rpm," and that I need to do it as root. If running Suse or 
Mandriva, this may not work. If I run Debian or Ubuntu, I should 
run "alien -dci prettyyoungthing.rpm" as root. If this doesn't quite work, 
please find a Deb file with "prettyyoungthing" in its name, using "find 
prettyyoungthing*.deb" and issue the command "dpkg -i prettyyoungthing*.deb. 
Regardless of installation method, please have the following dependencies 

Oh yes, I'll be ready.
Hawaiian Astronomical Society: http://www.hawastsoc.org
HAS Deepsky Atlas: http://www.hawastsoc.org/deepsky

Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]