[LINK] Apple Mac malware: caught on camera
Ivan Trundle
ivan at itrundle.com
Fri Mar 27 21:34:17 AEDT 2009
Lovely.

A variant of the exploit found back in October of last year, it seems
to have affected mostly people looking at dubious videos of Britney
Spears, porn hunters, and warez seekers, and who are happy to a)
download software from an untrusted/unknown source, then b) be asked
to use their admin password to install it.

Windows XP can install in the background without the user's knowledge,
so they're possibly worse off.

No OS can protect against social engineering hacks, and no trojan
horse protection will be able to stop it in time, either. What is
interesting here is that the video is attempting to make out that the
website in question was 'genuine' in look and feel: I'd respond by
saying that any software which claims to offer 68 different features
(such as 'Advanced Power Saving Scheme for notebook PC') in only 10MB
is doing it all wrong. Either that, or they should be working for
Adobe or Microsoft.

What really annoys me, though, is that companies like Sophos and Intego
don't suggest that the best protection is to be more cautious and less
stupid, but rather to rely entirely on paid software from these two
companies. The FUD factor is galling.

iT

On 27/03/2009, at 7:33 PM, Kim Holburn wrote:
> http://www.sophos.com/blogs/gc/g/2009/03/25/apple-mac-malware-caught-camera/
>> Pob in our analysis labs blogged earlier this week about a new
>> variant of the RSPlug Trojan horse for Mac OS X that he had written
>> protection against.
>>
>> One of the ways in which the OSX/RSPlug-F Mac Trojan horse is being
>> distributed by hackers is in the form of a poisoned HDTV/DTV program
>> called MacCinema.
>>
>> As you'll see in this video, visiting a website that gives many of
>> the signs of legitimacy, can lead to you downloading a Trojan horse.
>> Even for the Apple Mac.
>
>
> http://www.youtube.com/watch?v=RTeSYmQS820
>
>> The video is also available on YouTube.
>>
>> And don't try and tell me that this couldn't affect Mac OS X users
>> because they would have to enter their administrator username and
>> password to install the package. If they were prepared to download
>> this program from this website, I feel pretty confident that they
>> would enter their administrator details to allow installation too!
>>
>> Mac users are no different to Windows users in this regard - this is
>> social engineering, plain and simple.
>>
>> Oh, and Windows users shouldn't feel too smug about this either. If
>> you visit the site on a Windows computer, it will serve up a
>> malicious Windows executable from the Zlob family of malware rather
>> than a Mac OS X Trojan horse.
>
> --
> Kim Holburn
> IT Network & Security Consultant
> Ph: +39 06 855 4294 M: +39 3494957443
> mailto:kim at holburn.net aim://kimholburn
> skype://kholburn - PGP Public Key on request
>
>
--
Ivan Trundle
http://itrundle.com ivan at itrundle.com
ph: +61 (0)418 244 259 fx: +61 (0)2 6286 8742 skype: callto://ivanovitchk