Home page logo

fulldisclosure logo Full Disclosure mailing list archives

Re: mac trojan in-the-wild
From: "David Harley" <david.a.harley () gmail com>
Date: Fri, 2 Nov 2007 18:25:58 -0000

Actually, on that same note, I recently did an analysis of 
the last three years of published Windows vulnerabilities.

Thanks, Roger. That's a really useful, apposite and timely item. 

David Harley
AVIEN Interim Administrator: http://www.avien.org 

86% required local end-user interaction (i.e. social 
engineering) to be pulled off.

I didn't analyze Linux or BSD threats, but my gut feeling 
puts them at the same level or even higher.

With 86% or more of the past threats requiring social 
engineering to pull off, we can safely say the "future" you 
state below is here now.

Now, what is interesting is that any exploit requiring social 
engineering to work has so far been less of a problem than 
the vast majority of "remote buffer overflow" exploits like 
the Blaster and SQL worms.  Social engineering-required 
malware still works, and works well, but not with the same 
success of remote buffer overflow malware. There is very 
little we in the security space can point to as a 
success...but the overall decrease in remote buffer overflows 
is one.  Unfortunately, the social engineering malware is 
getting better day-by-day. We can no longer count on 
mispellings (sic) and bad grammar to be malware indicators. 
Our users, regardless of the OS, are ready as ever to click 
on interesting content, malicious or not. We've got to design 
our defenses to pay more attention to client-side attacks, 
but it is the weak point now, not in the future.


*Roger A. Grimes, InfoWorld, Security Columnist *CPA, CISSP, 
CISA, MCSE: Security (2000/2003), CEH, yada...yada...
*email: roger_grimes () infoworld com or roger () banneretcs com 
*Author of Windows Vista Security: Securing Vista Against 
Malicious Attacks (Wiley) 

-----Original Message-----
From: Alex Eckelberry [mailto:AlexE () sunbelt-software com] 
Sent: Thursday, November 01, 2007 5:49 PM
To: Thor (Hammer of God); Gadi Evron; bugtraq () securityfocus com;
full-disclosure () lists grok org uk
Subject: RE: mac trojan in-the-wild

The future of malware is going to be largely through social 
Does that mean we ignore every threat that comes out because 
it requires
user interaction?  Seems like whistling past the graveyard to me. 


Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]