So if i put a picture of a naked girl on a website and said to see more you must open a terminal and enter "rm -rf".<div><br class="webkit-block-placeholder"></div><div>Would we consider this a trojan...or just stupidity?
<br><br><div><span class="gmail_quote">On 11/1/07, <b class="gmail_sendername">Alex Eckelberry</b> <<a href="mailto:AlexE@sunbelt-software.com">AlexE@sunbelt-software.com</a>> wrote:</span><blockquote class="gmail_quote" style="margin:0;margin-left:0.8ex;border-left:1px #ccc solid;padding-left:1ex">
> Let's not over-hype this-- while "Apple's day" has been coming, saying<br>that users will be "hit hard" on something the user has to<br>> manually download, manually execute, and explicitly grant
<br>administrative privileges to is *way* over the top.<br><br>The future of malware is going to be largely through social engineering.<br>Does that mean we ignore every threat that comes out because it requires<br>user interaction? Seems like whistling past the graveyard to me.
<br><br>Alex<br><br><br>-----Original Message-----<br>From: Thor (Hammer of God) [mailto:<a href="mailto:thor@hammerofgod.com">thor@hammerofgod.com</a>]<br>Sent: Thursday, November 01, 2007 8:15 PM<br>To: Gadi Evron; <a href="mailto:bugtraq@securityfocus.com">
bugtraq@securityfocus.com</a>;<br><a href="mailto:full-disclosure@lists.grok.org.uk">full-disclosure@lists.grok.org.uk</a><br>Subject: RE: mac trojan in-the-wild<br><br>> For whoever didn't hear, there is a Macintosh trojan in-the-wild being
<br><br>> dropped, infecting mac users.<br>> Yes, it is being done by a regular online gang--itw--it is not yet<br>> another proof of concept. The same gang infects Windows machines as<br>> well, just that now they also target macs.
<br>><br>> <a href="http://sunbeltblog.blogspot.com/2007/10/screenshot-of-new-mac-">http://sunbeltblog.blogspot.com/2007/10/screenshot-of-new-mac-</a><br>> trojan.html<br>> <a href="http://sunbeltblog.blogspot.com/2007/10/mackanapes-can-now-can-feel-">
http://sunbeltblog.blogspot.com/2007/10/mackanapes-can-now-can-feel-</a><br>> pain-of.html<br>><br>> This means one thing: Apple's day has finally come and Apple users are<br><br>> going to get hit hard. All those unpatched vulnerabilities from years
<br>> past are going to bite them in the behind.<br><br>Let's not over-hype this-- while "Apple's day" has been coming, saying<br>that users will be "hit hard" on something the user has to manually
<br>download, manually execute, and explicitly grant administrative<br>privileges to is *way* over the top.<br><br><br><br>> I can sum it up in one sentence: OS X is the new Windows 98. Investing<br><br>> in security ONLY as a last resort losses money, but everyone has to
<br>> learn it for themselves.<br><br>Not "the new Windows 98" by a long shot - saying that is just<br>irresponsible. While Apple is not used to dealing with security in the<br>same way that other companies are, comparing OSX to Windows 98 is not
<br>only a huge technical inaccuracy, but you also insult MAC users out<br>there. OSX had "UAC-like unprivileged user controls" way before Vista<br>did - let's not try to start some holy-war on this like people have
<br>tried to do with Windows vs Linux in the past.<br><br>If you want to report this, then report it-- but say what it is, a<br>totally lame user-must-be-drunk "exploit" that requires that all manner<br>of things go wrong before it works -- otherwise people will think that
<br>you've dressed up as Steve Gibson for Halloween.<br><br>t<br></blockquote></div><br></div>