Home page logo

fulldisclosure logo Full Disclosure mailing list archives

Re: mac trojan in-the-wild
From: Peter Besenbruch <prb () lava net>
Date: Thu, 1 Nov 2007 16:53:12 -1000

On Thursday 01 November 2007 16:13:10 Paul Schmehl wrote:
--On November 1, 2007 3:36:00 PM -1000 Peter Besenbruch <prb () lava net>

Firefox throws up a download dialog, asking what I should do
with "prettyyoungthing.rpm," while a Javascript pop-up explains that to
see  these great images, I need to save the file, and type "rpm -i
prettyyoungthing.rpm," and that I need to do it as root.

There is no need to do that.  In both Macs and Gnome or KDE on Unix, if
you try to run rpm -i (of whatever the install paradigm is on your flavor
of OS), you'll be *prompted* for the root password, not asked to run it as
root.  Big difference, and one that many users do not appreciate at all.

Sadly, that doesn't seem to work on Debian. Yes, I have RPM installed.

When an internationally recognized Ph.D psychologist can lose $3 million
US to the 419 scam and be prepared to lose more, is it really a stretch to
think that a fake codec trojan will make inroads on the Mac?

The question is, HAS it made inroads? From what I read, it hasn't. What are 
the factors limiting the spread? Making inroads on the Mac would be analogous 
to the Nigerians tricking many PhDs in psychology.

As I implied in my last post, the spread of malware is somewhat proportional 
to the level of interaction. Even on a Mac, you have to go through a number 
of steps to install this stuff.

Hawaiian Astronomical Society: http://www.hawastsoc.org
HAS Deepsky Atlas: http://www.hawastsoc.org/deepsky

Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]