On Mar 29, 2009, at 6:02 AM, Bill Spencer wrote:
> I'm wondering whether this activity transcends operating systems?
>
> http://www.nytimes.com/2009/03/29/technology/29spy.html?_r=1&hp

No. While they don't say, specifically, I can almost guarantee it's Windows only. The description of the methods used is almost identical to any other run-of-the-mill phishing or spyware exploit. This COULD happen on a Mac.

The difference is the 'whaling' aspect. This is using new viruses/malware created by expert programmers (not using a script or virus kit) and hackers doing old-school breaking and entering, targeting very carefully chosen targets.

On a corporate scale, these sorts of things are email messages sent to CEOs from what appear to be colleagues, using the same language the colleague would use...no crude "Dear WEBMAIL user, We to provide in order good service humbly request that you send your name and password..." crap. It will have a spreadsheet attached that will look real; hell, it may even BE real, having been swiped from the company. In short, it will be a perfectly ordinary-looking email, and pass through the company's malware detection system like water. They can only find what they're looking for.

True, AV isn't as crude as simple pattern matching any more; it will monitor suspicious-looking activities, but if they come in, kill the AV, do the work, and restart the AV (which commercial malware does today: Conficker, anyone?), then boom, they control the computer on the CEO's desk. The malware, once on, will install a backdoor and go talk to its controller. (Backdoor programs can occupy as few as 150-200 bytes.)

When people like Charlie Miller talk about exploits being worth thousands of dollars, this is why. An unannounced, unused exploit is precious. It lets you hack into systems unnoticed. An exploit that doesn't get spawned to a million computers trying to build a botnet DOES NOT GET FOUND by the AV companies.
For all their talk about 'protecting us', I can guaran-damn-tee that at least SOME of these systems were up to date on OS patches and had the latest version of whatever corporate AV was in place at the time. Hacking for industrial or political espionage is very difficult to trace without running drastic network protocols: <http://www.dumbentia.com/pdflib/scissors.pdf>

What this means to us? Macs are still largely safe, barring an unknown exploit giving root access remotely WITHOUT first having a local account on the computer...this is the Holy Grail of Mac malware, and unlike any number of such exploits for Windows, none have been shown for Macs. Macs ARE susceptible to social engineering: witness the link posted the other day about a Mac trojan <http://tinyurl.com/cf93vg>...if someone offers a malware program you install yourself, only Scissors can help you; but the kinds of exploits used in phishing emails are harder to get through when you're using a Mac. Opening a spreadsheet from Dave the VP of Marketing shouldn't be asking for your admin password :-)

-- 
Bruce Johnson
"Wherever you go, there you are" B. Banzai, PhD

You received this message because you are subscribed to Low End Mac's iMac List, a group for those using G3, G4, G5, and Intel Core iMacs as well as Apple eMacs.
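The lure Bruce describes gets three things right: a sender who looks like a colleague, a plausible spreadsheet attached, and no crude phishing language in the body. The script below is an added example (not code from the list post or from Bruce) showing the header and attachment checks a mail gateway or a curious admin can still run against such a message using only Python's standard library. The colleague directory (KNOWN_COLLEAGUES), the risky-extension list, and both sample messages (SPOOFED, BENIGN) are constructed for the example; the mismatch between a familiar display name and an unfamiliar address is the check that catches "Dave the VP of Marketing" writing from a domain Dave has never used.

```python
"""Heuristic triage of a targeted ("whaling") email message.

Added example, not part of the original post. The directory, the
extension list and both sample messages below are constructed.
"""
import email
from email import policy
from email.utils import parseaddr
from pathlib import PurePosixPath

# Hypothetical directory: lower-cased display name -> the address that
# colleague actually sends from.
KNOWN_COLLEAGUES = {"dave jones": "dave.jones@example.com"}

# Attachment types that commonly carry macros or executable code.
RISKY_SUFFIXES = {".xls", ".xlsm", ".xlsb", ".doc", ".docm",
                  ".exe", ".scr", ".js", ".vbs", ".zip"}


def triage(raw: bytes) -> list[str]:
    """Return findings for one RFC 5322 message; an empty list means none."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    findings = []

    # 1. A known colleague's display name paired with a different address.
    name, addr = parseaddr(msg.get("From", ""))
    expected = KNOWN_COLLEAGUES.get(name.strip().lower())
    if expected and addr.lower() != expected:
        findings.append(
            f"display-name spoof: '{name}' normally <{expected}>, got <{addr}>")

    # 2. Replies quietly redirected somewhere other than the From address.
    _, reply_to = parseaddr(msg.get("Reply-To", ""))
    if reply_to and reply_to.lower() != addr.lower():
        findings.append(f"Reply-To <{reply_to}> differs from From <{addr}>")

    # 3. Attachments: double extensions and macro/executable-capable types.
    for part in msg.iter_attachments():
        filename = part.get_filename() or ""
        # Keep only real extension tokens (so "v1.2 report.xls" is not
        # mistaken for a double extension).
        suffixes = [s.lower() for s in PurePosixPath(filename).suffixes
                    if s[1:].isalnum()]
        if len(suffixes) > 1:
            findings.append(f"double extension in attachment '{filename}'")
        if suffixes and suffixes[-1] in RISKY_SUFFIXES:
            findings.append(
                f"risky attachment type {suffixes[-1]} ({filename})")
    return findings


# Constructed lure: the right name, a look-alike domain, a Reply-To the
# attacker controls, and a "spreadsheet" that is really an executable.
SPOOFED = b"""\
From: "Dave Jones" <dave.jones@examp1e-mail.com>
Reply-To: d.jones.external@examp1e-mail.com
To: ceo@example.com
Subject: Q1 marketing numbers
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="b1"

--b1
Content-Type: text/plain

Here are the numbers we went over on Thursday. Totals are on the second tab.

--b1
Content-Type: application/vnd.ms-excel; name="Q1_numbers.xls.exe"
Content-Disposition: attachment; filename="Q1_numbers.xls.exe"
Content-Transfer-Encoding: base64

AAAA
--b1--
"""

# Constructed benign message from the colleague's real address.
BENIGN = b"""\
From: "Dave Jones" <dave.jones@example.com>
To: ceo@example.com
Subject: Thursday agenda
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="b2"

--b2
Content-Type: text/plain

Agenda attached.

--b2
Content-Type: text/plain; name="agenda.txt"
Content-Disposition: attachment; filename="agenda.txt"

1. Q1 numbers
--b2--
"""

if __name__ == "__main__":
    for label, sample in (("spoofed", SPOOFED), ("benign", BENIGN)):
        print(label, triage(sample) or "no findings")
```

The checks are deliberately cheap and header-only; they say nothing about whether the attachment's contents are malicious, which is the part Bruce's point is about. What they do catch is the social-engineering layer: the name the target trusts arriving from an address the directory has never seen. A real deployment would build KNOWN_COLLEAGUES from the directory service rather than a literal, and would treat a genuine-looking spreadsheet from a genuine address as exactly the case where the AV and the user still have to do their jobs.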