Home page logo
/

fulldisclosure logo Full Disclosure mailing list archives

Re: mac trojan in-the-wild
From: Nick FitzGerald <nick () virus-l demon co uk>
Date: Fri, 02 Nov 2007 18:54:05 +1300

Adam St. Onge wrote:

So if i put a picture of a naked girl on a website and said to see more you
must open a terminal and enter "rm -rf".
Would we consider this a trojan...or just stupidity?

That would be "just stupidity", to use your terminology.

"Trojan functionality" is a feature of the code of interest.  Here 
there is no such code, just a user directly executing a (rather ill-
advised) system command.

The difference between what you describe and this new Mac trojan is 
that in the latter case the user accepts "the code of interest" as 
being "code to do something s/he wants" which turns out to also/instead 
be "code designed to do something s/he doesn't want" (there are no 
absolutely hard and fast definitions of "Trojan" in this context, so 
sorry if that seems a bit waffly, but generally "code of interest" will 
be some part of the fucntionality of an interpreted or executed 
program).

So, what you describe is _not_ a Trojan but _does_ involve social 
engineering.


Regards,

Nick FitzGerald

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
AlienVault