Re: [Full-disclosure] mac trojan

2012-04-06 Thread Carl "Thomas" Guething
http://www.f-secure.com/v-descs/trojan-downloader_osx_flashback_i.shtml Regards, T On Thu, Apr 5, 2012 at 10:30 AM, RandallM wrote: > can someone tell me what effects there are to being infected with > flashback? signs? google search just brings up the same same news > stories. > > also, if one

Re: [Full-disclosure] mac trojan

2012-04-05 Thread Jeffrey Walton
On Thu, Apr 5, 2012 at 10:30 AM, RandallM wrote: > can someone tell me what effects there are to being infected with > flashback? signs? google search just brings up the same same news > stories. > > also, if one is.. it seems there are some files that cannot be > recovered so new install necessar

Re: [Full-disclosure] mac trojan

2012-04-05 Thread Dennis
http://www.f-secure.com/v-descs/trojan-downloader_osx_flashback_i.shtml On Thu, Apr 5, 2012 at 9:30 AM, RandallM wrote: > can someone tell me what effects there are to being infected with > flashback? signs? google search just brings up the same same news > stories. > > also, if one is.. it seem

[Full-disclosure] mac trojan

2012-04-05 Thread RandallM
can someone tell me what effects there are to being infected with flashback? signs? google search just brings up the same same news stories. also, if one is.. it seems there are some files that cannot be recovered so new install necessary? -- been great, thanks RandyM a.k.a System _

Re: [Full-disclosure] mac trojan in-the-wild

2007-11-05 Thread Paul Schmehl
--On Monday, November 05, 2007 14:54:52 -0400 Dude VanWinkle <[EMAIL PROTECTED]> wrote: > On 11/2/07, reepex <[EMAIL PROTECTED]> wrote: >> I guess you never heard of full disk encryption, finger print readers, or >> caged machines. > > Well, caged machines fall outside of the "don't have physical

Re: [Full-disclosure] mac trojan in-the-wild

2007-11-05 Thread Dude VanWinkle
On 11/2/07, reepex <[EMAIL PROTECTED]> wrote: > I guess you never heard of full disk encryption, finger print readers, or > caged machines. Well, caged machines fall outside of the "don't have physical security" issue. Finger Print readers don't have anything to do with Physical Security, unless th

Re: [Full-disclosure] mac trojan in-the-wild

2007-11-05 Thread Peter Besenbruch
> On Thu, Nov 01, 2007 at 03:36:00PM -1000, Peter Besenbruch wrote: > > Firefox throws up a download dialog, asking what I should do > > with "prettyyoungthing.rpm," while a Javascript pop-up explains that to > > see these great images, I need to save the file, and type "rpm -i > > prettyyoungthing

Re: [Full-disclosure] mac trojan in-the-wild

2007-11-03 Thread David Harley
> you'll be *prompted* for > the root password, not asked to run it as root. Big > difference, and one that many users do not appreciate at all. Good point. A lot has been made of the number of steps involved, but if you accept the manifest impossibility that -any- Mac user would ever fall for

Re: [Full-disclosure] mac trojan in-the-wild -- antair restored

2007-11-02 Thread gjgowey
Apologies for the cut off posting (antair did it), but I have a few ideas that I've yet to see mentioned anywhere. Maybe they exist already under a different name, but here's my two cents in how to fix this mess. My approach is through the implementation of multiple mechanisms in the os. 1) an

Re: [Full-disclosure] mac trojan in-the-wild

2007-11-02 Thread Simon Smith
I beg to differ, a claymore is a bit large... it would have to be something a bit smaller, especially if it's a laptop. reepex wrote: > I guess you never heard of full disk encryption, finger print readers, > or caged machines. > > > On Nov 2, 2007 3:51 PM, Dude VanWinkle <[EMAIL PROTECTED] >

Re: [Full-disclosure] mac trojan in-the-wild

2007-11-02 Thread reepex
I guess you never heard of full disk encryption, finger print readers, or caged machines. On Nov 2, 2007 3:51 PM, Dude VanWinkle <[EMAIL PROTECTED]> wrote: > On 11/2/07, J. Oquendo <[EMAIL PROTECTED]> wrote: > > Dude VanWinkle wrote: > > > > > A program installed under false pretenses that will

Re: [Full-disclosure] mac trojan in-the-wild

2007-11-02 Thread Dude VanWinkle
On 11/2/07, J. Oquendo <[EMAIL PROTECTED]> wrote: > Dude VanWinkle wrote: > > > A program installed under false pretenses that will give the > > author/distributor remote access to the victim machines. > > Right... Guess those local are not a threat. ?? Local to the machine?? all prevention metho

Re: [Full-disclosure] mac trojan in-the-wild

2007-11-02 Thread J. Oquendo
Dude VanWinkle wrote: > A program installed under false pretenses that will give the > author/distributor remote access to the victim machines. Right... Guess those local are not a threat. > -JP Vranisaprick is that you -- J. Oquendo SGFA

Re: [Full-disclosure] mac trojan in-the-wild

2007-11-02 Thread Dude VanWinkle
On 11/2/07, Nick FitzGerald <[EMAIL PROTECTED]> wrote: > (there are no > absolutely hard and fast definitions of "Trojan" in this context, A program installed under false pretenses that will give the author/distributor remote access to the victim machines. Bam! :-) -JP

Re: [Full-disclosure] mac trojan in-the-wild

2007-11-02 Thread David Harley
> Actually, on that same note, I recently did an analysis of > the last three years of published Windows vulnerabilities. Thanks, Roger. That's a really useful, apposite and timely item. -- David Harley AVIEN Interim Administrator: http://www.avien.org http://www.smallblue-greenworld.co.uk

Re: [Full-disclosure] mac trojan-vs-USERS

2007-11-02 Thread full-disclosure
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On Fri, 02 Nov 2007 00:09:33 -0400 RMueller <[EMAIL PROTECTED]> wrote: >of there OS. Move a folder and "all" programs are gone! Regardless "their" >Or, can we educate? trying. >thanks np. -----BEGIN PGP SIGNATURE----- Note: This signature can b

Re: [Full-disclosure] mac trojan in-the-wild

2007-11-02 Thread Dude VanWinkle
On 11/1/07, nnp <[EMAIL PROTECTED]> wrote: > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > I'm not sure if you accidentally quoted my reply or not there, because > if you did you're completely missing my point. My issue is with the > format and content (or lack thereof) of the first post, I d

Re: [Full-disclosure] mac trojan in-the-wild

2007-11-02 Thread Robert McArdle
NOTE: Resending this was blocked last time. Profit-driven malware has gotten very good at using Social Engineering (backed up with Exploits) to spread itself. Zlob and its Codecs are one particular example that has worked very well on Windows, even by simply getting the user to install the software

Re: [Full-disclosure] mac trojan in-the-wild

2007-11-02 Thread Robert McArdle
Profit-driven malware has gotten very good at using Social Engineering (backed up with Exploits) to spread itself. Zlob and its Codecs are one particular example that has worked very well on Windows, even by simply getting the user to install the software willingly. The Storm/Zhelatin/Russian Busine

Re: [Full-disclosure] mac trojan in-the-wild

2007-11-02 Thread Roger A. Grimes
I included any exploit that took any end-user's interaction into the 86% number. I included the list of exploits and what I considered a client-side attack (versus truly remote) in the article: http://weblog.infoworld.com/securityadviser/archives/WindowsExploitAnalysis.xls It's not perfect, and

Re: [Full-disclosure] mac trojan in-the-wild

2007-11-01 Thread Nick FitzGerald
Adam St. Onge wrote: > So if i put a picture of a naked girl on a website and said to see more you > must open a terminal and enter "rm -rf". > Would we consider this a trojan...or just stupidity? That would be "just stupidity", to use your terminology. "Trojan functionality" is a feature of the

Re: [Full-disclosure] mac trojan-vs-USERS

2007-11-01 Thread RMueller
I read a lot of babel on this subject. The point is simple...they are users as much as PC folks. Friends, I serve both, and there is not much difference. 15 years doing the same damn job and they still can't add a printer regardless of there OS. Move a folder and "all" programs are gone! Regardless

Re: [Full-disclosure] mac trojan in-the-wild

2007-11-01 Thread Jay Sulzberger
On Thu, 1 Nov 2007, Paul Schmehl <[EMAIL PROTECTED]> wrote: > --On November 1, 2007 10:14:50 PM -0400 Jay Sulzberger <[EMAIL PROTECTED]> > wrote: >> >> On Thu, 1 Nov 2007, Paul Schmehl <[EMAIL PROTECTED]> wrote: >> >>> --On November 1, 2007 6:31:39 PM -0400 "Adam St. Onge" >>> <[EMAIL PROTECT

Re: [Full-disclosure] mac trojan in-the-wild

2007-11-01 Thread Paul Schmehl
--On November 1, 2007 4:53:12 PM -1000 Peter Besenbruch <[EMAIL PROTECTED]> wrote: There is no need to do that. In both Macs and Gnome or KDE on Unix, if you try to run rpm -i (of whatever the install paradigm is on your flavor of OS), you'll be *prompted* for the root password, not asked to ru

Re: [Full-disclosure] mac trojan in-the-wild

2007-11-01 Thread Steven Adair
> --On November 1, 2007 10:14:50 PM -0400 Jay Sulzberger <[EMAIL PROTECTED]> > wrote: >> >> On Thu, 1 Nov 2007, Paul Schmehl <[EMAIL PROTECTED]> wrote: >> >>> --On November 1, 2007 6:31:39 PM -0400 "Adam St. Onge" >>> <[EMAIL PROTECTED]> wrote: >>> So if i put a picture of a naked girl on a we

Re: [Full-disclosure] mac trojan in-the-wild

2007-11-01 Thread Paul Schmehl
--On November 1, 2007 10:14:50 PM -0400 Jay Sulzberger <[EMAIL PROTECTED]> wrote: On Thu, 1 Nov 2007, Paul Schmehl <[EMAIL PROTECTED]> wrote: --On November 1, 2007 6:31:39 PM -0400 "Adam St. Onge" <[EMAIL PROTECTED]> wrote: So if i put a picture of a naked girl on a website and said to see m

Re: [Full-disclosure] mac trojan in-the-wild

2007-11-01 Thread Peter Besenbruch
On Thursday 01 November 2007 16:13:10 Paul Schmehl wrote: > --On November 1, 2007 3:36:00 PM -1000 Peter Besenbruch <[EMAIL PROTECTED]> > > wrote: > > Firefox throws up a download dialog, asking what I should do > > with "prettyyoungthing.rpm," while a Javascript pop-up explains that to > > see th

Re: [Full-disclosure] mac trojan in-the-wild

2007-11-01 Thread Jay Sulzberger
On Thu, 1 Nov 2007, Thor (Hammer of God) <[EMAIL PROTECTED]> wrote: > That's an interesting figure (86% that is). Can you give us some > insight into what you define as "user interaction"? > > If it is clicking a link or reading an HTML email, then OK. If it is > opening an .exe from an email,

Re: [Full-disclosure] mac trojan in-the-wild

2007-11-01 Thread Thor (Hammer of God)
That's an interesting figure (86% that is). Can you give us some insight into what you define as "user interaction"? If it is clicking a link or reading an HTML email, then OK. If it is opening an .exe from an email, I'd like to see what client you are talking about and what environment (meaning

Re: [Full-disclosure] mac trojan in-the-wild

2007-11-01 Thread Jay Sulzberger
On Thu, 1 Nov 2007, Paul Schmehl <[EMAIL PROTECTED]> wrote: > --On November 1, 2007 6:31:39 PM -0400 "Adam St. Onge" > <[EMAIL PROTECTED]> wrote: > >> So if i put a picture of a naked girl on a website and said to see more >> you must open a terminal and enter "rm -rf". >> >> >> Would we cons

Re: [Full-disclosure] mac trojan in-the-wild

2007-11-01 Thread Paul Schmehl
--On November 1, 2007 3:36:00 PM -1000 Peter Besenbruch <[EMAIL PROTECTED]> wrote: Firefox throws up a download dialog, asking what I should do with "prettyyoungthing.rpm," while a Javascript pop-up explains that to see these great images, I need to save the file, and type "rpm -i prettyyoungth

Re: [Full-disclosure] mac trojan in-the-wild

2007-11-01 Thread Jay Sulzberger
On Thu, 1 Nov 2007, Adam St. Onge <[EMAIL PROTECTED]> wrote: > So if i put a picture of a naked girl on a website and said to see more you > must open a terminal and enter "rm -rf". > Would we consider this a trojan...or just stupidity? Yes, a Trojan. Yes, stupidity on the part of the designer

Re: [Full-disclosure] mac trojan in-the-wild

2007-11-01 Thread Paul Schmehl
--On November 1, 2007 6:31:39 PM -0400 "Adam St. Onge" <[EMAIL PROTECTED]> wrote: So if i put a picture of a naked girl on a website and said to see more you must open a terminal and enter "rm -rf". Would we consider this a trojan...or just stupidity? I would consider it stupidity to think

Re: [Full-disclosure] mac trojan in-the-wild

2007-11-01 Thread Peter Besenbruch
On Thursday 01 November 2007 11:49:09 Alex Eckelberry wrote: > The future of malware is going to be largely through social engineering. > Does that mean we ignore every threat that comes out because it requires > user interaction? Seems like whistling past the graveyard to me. Alex, no-one is sa

Re: [Full-disclosure] mac trojan in-the-wild

2007-11-01 Thread Gadi Evron
On Thu, 1 Nov 2007, Jim Harrison wrote: > While Apple-oriented threats may not get either the validation or the > publicity (one hardly equals the other) that Windows attacks do, it's hardly > accurate (much less fair) to make those comparisons. > For all those comparative points, my Kaypro-4 runn

Re: [Full-disclosure] mac trojan in-the-wild

2007-11-01 Thread Jim Harrison
Heh-heh; he said "Steve Gibson"; heh-heh-heh Seriously; Tim is right. While Apple-oriented threats may not get either the validation or the publicity (one hardly equals the other) that Windows attacks do, it's hardly accurate (much less fair) to make those comparisons. For all those comparative p

Re: [Full-disclosure] mac trojan in-the-wild

2007-11-01 Thread Roger A. Grimes
Actually, on that same note, I recently did an analysis of the last three years of published Windows vulnerabilities. 86% required local end-user interaction (i.e. social engineering) to be pulled off. http://www.infoworld.com/article/07/10/19/42OPsecadvise-insider-threats_1.html I didn't analyz

Re: [Full-disclosure] mac trojan in-the-wild

2007-11-01 Thread Adam St. Onge
So if i put a picture of a naked girl on a website and said to see more you must open a terminal and enter "rm -rf". Would we consider this a trojan...or just stupidity? On 11/1/07, Alex Eckelberry <[EMAIL PROTECTED]> wrote: > > > Let's not over-hype this-- while "Apple's day" has been coming, say

Re: [Full-disclosure] mac trojan in-the-wild

2007-11-01 Thread Alex Eckelberry
> Let's not over-hype this-- while "Apple's day" has been coming, saying that users will be "hit hard" on something the user has to > manually download, manually execute, and explicitly grant administrative privileges to is *way* over the top. The future of malware is going to be largely through

Re: [Full-disclosure] mac trojan in-the-wild

2007-11-01 Thread worried security
On 10/31/07, Gadi Evron <[EMAIL PROTECTED]> wrote: > > For whoever didn't hear, there is a Macintosh trojan in-the-wild being > dropped, infecting mac users. > Yes, it is being done by a regular online gang--itw--it is not yet another > proof of concept. The same gang infects Windows machines as we

Re: [Full-disclosure] mac trojan in-the-wild

2007-11-01 Thread Peter Besenbruch
On Wednesday 31 October 2007 13:21:00 Gadi Evron wrote: > This means one thing: Apple's day has finally come and Apple users are > going to get hit hard. All those unpatched vulnerabilities from years past > are going to bite them in the behind. > > I can sum it up in one sentence: OS X is the new

Re: [Full-disclosure] mac trojan in-the-wild

2007-11-01 Thread nnp
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 I'm not sure if you accidentally quoted my reply or not there, because if you did you're completely missing my point. My issue is with the format and content (or lack thereof) of the first post, I don't think I mentioned the iPhone, *BSD, MS or at any

Re: [Full-disclosure] mac trojan in-the-wild

2007-11-01 Thread Dude VanWinkle
On 11/1/07, nnp <[EMAIL PROTECTED]> wrote: > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > There's a difference between ignoring something and making a statement like > > 'OS X is the new Windows 98.' OK How about "iPhone is the new Win9x"? It is running a type of OSX, one that is configured

Re: [Full-disclosure] mac trojan in-the-wild

2007-11-01 Thread Nick FitzGerald
reepex to me: > > Yes, today, the average level of clue among Mac users is probably a > > shade higher than amongst Windows users, > > Is this a joke? The reason people switch to macs is because they cannot > handle simple tasks. Isn't the main thing said by new mac users is 'it just > works' me

Re: [Full-disclosure] mac trojan in-the-wild

2007-11-01 Thread nnp
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 There's a difference between ignoring something and making a statement like 'OS X is the new Windows 98.' It's sensationalist and of no use, especially when posted to lists that are supposedly populated with security experts. Everyone here is aware of

Re: [Full-disclosure] mac trojan in-the-wild

2007-11-01 Thread reepex
I will take that pepsi challenge... what is at stake ;) On Nov 1, 2007 4:50 PM, Paul Schmehl <[EMAIL PROTECTED]> wrote: > --On Thursday, November 01, 2007 16:42:51 -0500 reepex <[EMAIL PROTECTED]> > wrote: > > > On Nov 1, 2007 4:34 PM, Nick FitzGerald <[EMAIL PROTECTED]> > wrote: > > > > > > Yes

Re: [Full-disclosure] mac trojan in-the-wild

2007-11-01 Thread Paul Schmehl
--On Thursday, November 01, 2007 16:42:51 -0500 reepex <[EMAIL PROTECTED]> wrote: > On Nov 1, 2007 4:34 PM, Nick FitzGerald <[EMAIL PROTECTED]> wrote: > > > Yes, today, the average level of clue among Mac users is probably a > shade higher than amongst Windows users, > > > > Is this a joke? The

Re: [Full-disclosure] mac trojan in-the-wild

2007-11-01 Thread reepex
On Nov 1, 2007 4:34 PM, Nick FitzGerald <[EMAIL PROTECTED]> wrote: > Yes, today, the average level of clue among Mac users is probably a > shade higher than amongst Windows users, Is this a joke? The reason people switch to macs is because they cannot handle simple tasks. Isn't the main thing s

Re: [Full-disclosure] mac trojan in-the-wild

2007-11-01 Thread Paul Schmehl
--On Thursday, November 01, 2007 13:27:07 -0600 Steven Block <[EMAIL PROTECTED]> wrote: > You're an idiot. > > Save this as a script and run it, it will give you unlimited power: > ># !/bin/sh > sudo rm -rf / > > Enter your password if you are prompted. > > Oh look, malware. If you don't think t

Re: [Full-disclosure] mac trojan in-the-wild

2007-11-01 Thread Nick FitzGerald
Steven Block to Gadi Evron: > You're an idiot. > > Save this as a script and run it, it will give you unlimited power: > > #!/bin/sh > sudo rm -rf / > > Enter your password if you are prompted. > > Oh look, malware. Were you looking in a mirror while writing that? If you think there are not

Re: [Full-disclosure] mac trojan in-the-wild

2007-11-01 Thread Thor (Hammer of God)
> For whoever didn't hear, there is a Macintosh trojan in-the-wild being > dropped, infecting mac users. > Yes, it is being done by a regular online gang--itw--it is not yet > another > proof of concept. The same gang infects Windows machines as well, just > that now they also target macs. > > htt

Re: [Full-disclosure] mac trojan in-the-wild

2007-11-01 Thread Steven Block
You're an idiot. Save this as a script and run it, it will give you unlimited power: #!/bin/sh sudo rm -rf / Enter your password if you are prompted. Oh look, malware. On Oct 31, 2007, at 5:21 PM, Gadi Evron wrote: > For whoever didn't hear, there is a Macintosh trojan in-the-wild > being d

[Full-disclosure] mac trojan in-the-wild

2007-11-01 Thread Gadi Evron
For whoever didn't hear, there is a Macintosh trojan in-the-wild being dropped, infecting mac users. Yes, it is being done by a regular online gang--itw--it is not yet another proof of concept. The same gang infects Windows machines as well, just that now they also target macs. http://sunbeltbl

Re: [Full-disclosure] mac trojan in-the-wild

2007-11-01 Thread reepex
It is funny that gadi does not post to this list anymore.. maybe it's because he knows people here can actually express their opinion against his retarded posts without being moderated? anyway of course gadi is going to jump over stuff like this because it takes no technical knowledge to write abou

Re: [Full-disclosure] mac trojan in-the-wild

2007-11-01 Thread nnp
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Oh don't be so bloody sensationalist. You're worse than the journalists because you should know better. - -nnp -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.7 (Darwin) Comment: http://firegpg.tuxfamily.org iD8DBQFHKpQRbP10WPHfgnQRAtZ9AKDIydXWUjKG