Well, as with anything, YMMV. The point is, this will work for some percentage of the population, particularly those who have recently moved from Windows to Linux because "it's more secure!"There is no need to do that. In both Macs and Gnome or KDE on Unix, if you try to run rpm -i (of whatever the install paradigm is on your flavor of OS), you'll be *prompted* for the root password, not asked to run it as root. Big difference, and one that many users do not appreciate at all.Sadly, that doesn't seem to work on Debian. Yes, I have RPM installed.
When an internationally recognized Ph.D psychologist can lose $3 million US to the 419 scam and be prepared to lose more, is it really a stretch to think that a fake codec trojan will make inroads on the Mac?The question is, HAS it made inroads?
Considering it was discovered just 48 hours ago, I think it's too early to tell. I fully expect to see some Macs trojaned by this. How many is anybody's guess, but it's merely a matter of time before we start seeing them show up in botnets.
OSes might be "secure" or "insecure" but people don't change.
From what I read, it hasn't. What are the factors limiting the spread?
The number of naive users who have Macs.
Making inroads on the Mac would be analogous to the Nigerians tricking
many PhDs in psychology.
That wasn't my meaning. In my opinion *any* trojaned Macs would be newsworthy simply because we haven't seen that before.
As I implied in my last post, the spread of malware is somewhat proportional to the level of interaction. Even on a Mac, you have to go through a number of steps to install this stuff.
There are (debatable) hundreds of thousands of bots trojaned with Storm. As I'm sure you are aware, you get a Storm trojan by clicking on the link in an email and then downloaded the "greeting card" that it suckers you into viewing. Yes, it does take advantage of vulnerabilities in Windows **when those are available**, but it also takes advantage of fully patched machines when their owners are naive. The same thing will happen with Macs or with any Unix system.
Furthermore, I think it's naive to say "you have to go through a number of steps to install this stuff" when you go through *exactly* the same number of steps to install something that someone you know recommends to you. For example, a friend emails you and say he/she found this fantastic utility that allows you to quickly determine all the running processes on your machine. Curious, you click on the link, download the software and start the install. Your Mac prompts you for the root password (which is also *your* password for most Mac users) and you type it in. The program installs and you start it, eager to see what your friend is raving about.
You just completed *all* the same steps that the trojan compels you to do.How many people do this sort of thing *every* day, without giving a second's thought because their friend sent the email and recommended it? Enough, apparently, to make it worthwhile for criminals to target Macs.
That should give a thinking person pause. It's certainly one more thing that I will have to worry about at work.
Paul Schmehl (pauls@xxxxxxxxxxxx) Senior Information Security Analyst The University of Texas at Dallas http://www.utdallas.edu/ir/security/
Attachment:
p7sgmjDp82NFm.p7s
Description: S/MIME cryptographic signature
_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/