Home page logo
/

fulldisclosure logo Full Disclosure mailing list archives

Re: mac trojan in-the-wild
From: Paul Schmehl <pauls () utdallas edu>
Date: Thu, 01 Nov 2007 21:13:10 -0500

--On November 1, 2007 3:36:00 PM -1000 Peter Besenbruch <prb () lava net> wrote:

Firefox throws up a download dialog, asking what I should do
with "prettyyoungthing.rpm," while a Javascript pop-up explains that to
see  these great images, I need to save the file, and type "rpm -i
prettyyoungthing.rpm," and that I need to do it as root.

There is no need to do that. In both Macs and Gnome or KDE on Unix, if you try to run rpm -i (of whatever the install paradigm is on your flavor of OS), you'll be *prompted* for the root password, not asked to run it as root. Big difference, and one that many users do not appreciate at all.

The direction computing is heading is toward ease of use and obscuration of details. Given that, and the human tendency to act without thinking, socially engineered exploits will continue to enjoy success. No, they won't be as successful as self-propagating code that takes advantage of flaws in OSes and applications, but as the Storm bot creators if social engineering can successfully build a botnet of several hundred thousand machines.

When an internationally recognized Ph.D psychologist can lose $3 million US to the 419 scam and be prepared to lose more, is it really a stretch to think that a fake codec trojan will make inroads on the Mac?

Paul Schmehl (pauls () utdallas edu)
Senior Information Security Analyst
The University of Texas at Dallas
http://www.utdallas.edu/ir/security/

Attachment: _bin
Description:

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
AlienVault