Re: [Full-disclosure] mac trojan in-the-wild
On November 1, 2007 3:36:00 PM -1000 Peter Besenbruch <prb@lava.net> wrote:
>
> Firefox throws up a download dialog, asking what I should do
> with "prettyyoungthing.rpm," while a Javascript pop-up explains that to
> see these great images, I need to save the file, and type "rpm -i
> prettyyoungthing.rpm," and that I need to do it as root.
There is no need to do that. In both Macs and Gnome or KDE on Unix, if you try to run rpm -i (or whatever the install paradigm is on your flavor of OS), you'll be *prompted* for the root password, not asked to run it as root. Big difference, and one that many users do not appreciate at all.
The direction computing is heading is toward ease of use and obscuration of details. Given that, and the human tendency to act without thinking, socially engineered exploits will continue to enjoy success. No, they won't be as successful as self-propagating code that takes advantage of flaws in OSes and applications, but ask the Storm bot creators if social engineering can successfully build a botnet of several hundred thousand machines.
When an internationally recognized Ph.D. psychologist can lose $3 million US to the 419 scam and be prepared to lose more, is it really a stretch to think that a fake codec trojan will make inroads on the Mac?
Paul Schmehl (pauls@utdallas.edu)
Senior Information Security Analyst
The University of Texas at Dallas
http://www.utdallas.edu/ir/security/