[Full-disclosure] mac trojan in-the-wild
Paul Schmehl
pauls at utdallas.edu
Fri Nov 2 02:13:10 GMT 2007
--On November 1, 2007 3:36:00 PM -1000 Peter Besenbruch <prb at lava.net>
wrote:
>
> Firefox throws up a download dialog, asking what I should do
> with "prettyyoungthing.rpm," while a Javascript pop-up explains that to
> see these great images, I need to save the file, and type "rpm -i
> prettyyoungthing.rpm," and that I need to do it as root.
There is no need to do that. In both Macs and Gnome or KDE on Unix, if
you try to run rpm -i (of whatever the install paradigm is on your flavor
of OS), you'll be *prompted* for the root password, not asked to run it as
root. Big difference, and one that many users do not appreciate at all.
The direction computing is heading is toward ease of use and obscuration
of details. Given that, and the human tendency to act without thinking,
socially engineered exploits will continue to enjoy success. No, they
won't be as successful as self-propagating code that takes advantage of
flaws in OSes and applications, but as the Storm bot creators if social
engineering can successfully build a botnet of several hundred thousand
machines.
When an internationally recognized Ph.D psychologist can lose $3 million
US to the 419 scam and be prepared to lose more, is it really a stretch to
think that a fake codec trojan will make inroads on the Mac?
Paul Schmehl (pauls at utdallas.edu)
Senior Information Security Analyst
The University of Texas at Dallas
http://www.utdallas.edu/ir/security/
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pkcs7-signature
Size: 3701 bytes
Desc: not available
Url : http://lists.grok.org.uk/pipermail/full-disclosure/attachments/20071101/b0243d93/attachment.bin
Full-Disclosure is hosted and sponsored by Secunia.