
Re: [Full-disclosure] mac trojan in-the-wild



On Thursday 01 November 2007 16:13:10 Paul Schmehl wrote:
> --On November 1, 2007 3:36:00 PM -1000 Peter Besenbruch <prb@xxxxxxxx> wrote:
> > Firefox throws up a download dialog, asking what I should do
> > with "prettyyoungthing.rpm," while a Javascript pop-up explains that to
> > see these great images, I need to save the file, and type "rpm -i
> > prettyyoungthing.rpm," and that I need to do it as root.
>
> There is no need to do that.  In both Macs and Gnome or KDE on Unix, if
> you try to run rpm -i (or whatever the install paradigm is on your flavor
> of OS), you'll be *prompted* for the root password, not asked to run it as
> root.  Big difference, and one that many users do not appreciate at all.

Sadly, that doesn't seem to work on Debian. Yes, I have RPM installed.

> When an internationally recognized Ph.D psychologist can lose $3 million
> US to the 419 scam and be prepared to lose more, is it really a stretch to
> think that a fake codec trojan will make inroads on the Mac?

The question is, HAS it made inroads? From what I read, it hasn't. What are 
the factors limiting the spread? Making inroads on the Mac would be analogous 
to the Nigerians tricking many PhDs in psychology.

As I implied in my last post, the spread of malware is somewhat proportional 
to the level of interaction. Even on a Mac, you have to go through a number 
of steps to install this stuff.

-- 
Hawaiian Astronomical Society: http://www.hawastsoc.org
HAS Deepsky Atlas: http://www.hawastsoc.org/deepsky
