How malware is categorized on different platforms is an interesting social phenomenon.
On Windows, it's a virus even if it coaxes a user into downloading and clicking a dialogue box to OK its installation. On Linux or Mac it would be considered a trojan... and your own damn fault if you allowed it.

There's an interesting analysis to be found in this paper:
http://www.securitymetrics.org/content/attach/Metricon2.0/j3attAO.pdf

That basically says that the economic tipping point where the expected value to the attacker of compromising a minority operating system flavour outweighs the cost of targeting it is roughly around 20% of the total population of potential targets.

So if that analysis is correct, the reason you're just now seeing some level of activity on OS X malware is that it's just starting to reach that threshold in some user populations. And the reason you aren't seeing mass compromises of Ubuntu machines is that they are well below that threshold.

Although in the web software world, you do see quite a bit of Linux-focused malware (all those WordPress attacks, all the PHP/MySQL injections, all focused on getting shells on Linux boxen...) because in that population Linux has a much greater than 20% share.

Just remember that the moment you think you're safe is probably the same moment that some dude in Kiev is starting the script that will drain your bank account...

On Thu, Jun 30, 2011 at 4:21 PM, Ben Barrett <[email protected]> wrote:
> I'm afraid that statement is simply not true, Ed!
> Malware developers work on MANY platforms, ranging from handheld devices to
> power-plant-control systems.
> Windows may still be the primary target platform, but *certainly* not the
> only one!!
> There exists malware for Linux, and for OS X, etc. Malware tries to be
> invisible, which may be why you haven't "seen" it.
> Where there's a profit (and power-and-control as well as "intelligence" can
> be profitized), there's a motive...
>
> BenB
>
> On Thu, Jun 30, 2011 at 4:05 PM, Edward Craig <[email protected]> wrote:
>>
>> Well, Windows is the only platform malware authors develop for. When
>> they get around to Linux we'll know Linux has arrived. I have never
>> seen malware, myself, but I've been using non-Windows PCs since 1997.
>>
>> On Thu, Jun 30, 2011 at 13:28, Timothy J. Wiley <[email protected]> wrote:
>> > So you're implying that only Windows is currently vulnerable to attacks?
>> > Wow.
>> >
>> > On Thu, Jun 30, 2011 at 1:04 PM, <[email protected]> wrote:
>> >>
>> >> Neither. I am talking about the next generation infection which
>> >> installs a VM under your OS. There has been talk of this for
>> >> a while, but so far as I know none yet exists. But installing
>> >> in the MBR is a critical element of any such VM infection.
>> >> --
>> >> Allen Brown abrown at peak.org
>> >> http://brown.armoredpenguin.com/~abrown/
>> >> A bug is a test case you haven't written yet. --- Mark Pilgrim
>> >>
>> >> ----- Original Message -----
>> >> From: "Timothy J. Wiley" <[email protected]>
>> >> To: "Eugene Unix and Gnu/Linux User Group" <[email protected]>
>> >> Sent: Thursday, June 30, 2011 12:47:59 PM
>> >> Subject: Re: [Eug-lug] Bot infection stored in MBR
>> >>
>> >> Vulnerable to what? This particular infection or infections in general?
>> >>
>> >> On Thu, Jun 30, 2011 at 11:04 AM, < [email protected] > wrote:
>> >>
>> >> This seems like a small step away from booting into a virtual
>> >> machine. At that point all OSs are vulnerable, not just
>> >> Windoze.
>> >>
>> >> --
>> >> Allen Brown abrown at peak.org http://brown.armoredpenguin.com/~abrown/
>> >> Plug-and-Play is really nice, unfortunately it only works 50% of the
>> >> time. To be specific the "Plug" almost always works.
>> >> ---unknown source
>> >>
>> >> ----- Original Message -----
>> >> From: "Mr O" < [email protected] >
>> >> To: [email protected] , "Eugene Unix and Gnu/Linux User Group" < [email protected] >
>> >> Sent: Thursday, June 30, 2011 10:46:53 AM
>> >> Subject: Re: [Eug-lug] Bot infection stored in MBR
>> >>
>> >> Nothing new here. Move along.
>> >>
>> >> --- On Thu, 6/30/11, Allen Brown < [email protected] > wrote:
>> >>
>> >> > From: Allen Brown < [email protected] >
>> >> > Subject: [Eug-lug] Bot infection stored in MBR
>> >> > To: "Eugene Unix and Gnu/Linux User Group" < [email protected] >
>> >> > Date: Thursday, June 30, 2011, 10:34 AM
>> >> > http://www.bbc.co.uk/news/technology-13973805
>> >> > --
>> >> > Allen Brown abrown at peak.org
>> >> > http://brown.armoredpenguin.com/~abrown/
>> >> > Is there another word for synonym? ---
>> >> > George Carlin
>> >>
>> >> _______________________________________________
>> >> EUGLUG mailing list
>> >> [email protected]
>> >> http://www.euglug.org/mailman/listinfo/euglug
>>
>> --
>> Edward P. Craig
>> "Think this through with me.
>> Let me know your mind" Hunter/Garcia
