Full Disclosure mailing list archives

Previous By Date Next
Previous By Thread Next

Re: mac trojan in-the-wild

From: Nick FitzGerald <nick () virus-l demon co uk>
Date: Fri, 02 Nov 2007 18:54:05 +1300
Adam St. Onge wrote:


So if i put a picture of a naked girl on a website and said to see more you
must open a terminal and enter "rm -rf".
Would we consider this a trojan...or just stupidity?


That would be "just stupidity", to use your terminology.

"Trojan functionality" is a feature of the code of interest.  Here 
there is no such code, just a user directly executing a (rather ill-
advised) system command.

The difference between what you describe and this new Mac trojan is 
that in the latter case the user accepts "the code of interest" as 
being "code to do something s/he wants" which turns out to also/instead 
be "code designed to do something s/he doesn't want" (there are no 
absolutely hard and fast definitions of "Trojan" in this context, so 
sorry if that seems a bit waffly, but generally "code of interest" will 
be some part of the fucntionality of an interpreted or executed 
program).

So, what you describe is _not_ a Trojan but _does_ involve social 
engineering.


Regards,

Nick FitzGerald

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
Previous By Date Next
Previous By Thread Next

Current thread: