Re: [Full-disclosure] mac trojan in-the-wild

On Thursday 01 November 2007 11:49:09 Alex Eckelberry wrote:
> The future of malware is going to be largely through social engineering.
> Does that mean we ignore every threat that comes out because it requires
> user interaction? Seems like whistling past the graveyard to me.

Alex, no-one is saying we should ignore it. I would say we downgrade the level
of threat if it requires user interaction. If it requires a lot of
interaction to launch the threat, we downgrade it some more.

Apple is faced with a significant design flaw in OS-X: You can have trusted
file types auto-execute when downloaded in Safari. This is an old problem,
partially mitigated by Apple in later versions of the OS. This has been
coupled with the ancient scam of the fake CODEC.

The one unique aspect of this attack is the target, Apple users. I suppose
Linux users are next. When they get targeted, I will be ready. I don't
typically browse porn sites, so I see a greater danger in targeted attacks
from third-party advertisers. Of course, these tend to target drive-by
download flaws in Windows, but I'll be ready. I suppose, though, that other
Linux users browse porn. I can see it now...

Firefox throws up a download dialog, asking what I should do
with "prettyyoungthing.rpm," while a JavaScript pop-up explains that to see
these great images, I need to save the file, and type "rpm -i
prettyyoungthing.rpm," and that I need to do it as root. If running Suse or
Mandriva, this may not work. If I run Debian or Ubuntu, I should
run "alien -dci prettyyoungthing.rpm" as root. If this doesn't quite work,
please find a Deb file with "prettyyoungthing" in its name, using "find
prettyyoungthing*.deb" and issue the command "dpkg -i prettyyoungthing*.deb".
Regardless of installation method, please have the following dependencies
installed...

Oh yes, I'll be ready.

--
Hawaiian Astronomical Society: http://www.hawastsoc.org
HAS Deepsky Atlas: http://www.hawastsoc.org/deepsky