[LINK] Spyware trojan hitching ride on third-party Mac screensavers
Kim Holburn
kim at holburn.net
Wed Jun 2 19:40:10 AEST 2010
On 2010/Jun/02, at 5:50 PM, Stilgherrian wrote:
> On 02/06/2010, at 4:53 PM, Kim Holburn wrote:
>> And they still have to get [Mac] users to install malware
>> themselves. They
>> are getting sneakier about it though.
>
> This is now pretty much the case with Windows malware too. Most
> users have anti-virus software, and Vista and Windows 7 are more
> locked down that XP and its predecessors.
>
> I was at Microsoft HQ in Redmond last week, speaking with a number
> of their security people. The figures they're seeing is that roughly
> 30% of infections are coming from drive-by downloads (things
> automatically installed via, say, rogue ActiveX controls embedded in
> a web page)
So they admit that 30% of infections are still are still from things
that shouldn't happen and which are directly the responsibility of
Redmond. There is no way a browser should be allowing this sort of
activity. After all this time, it's astonishing that it can still
happen at all. It's still not right.
> and 70% are socially-engineered malware (i.e. requires user action
> to install).
What sort of user action? Just clicking a button or having to enter
an admin password?
Wwhat is the percentage of zero-day exploits? They don't appear to be
mentioned.
There is still the fact that there are many, many machines running
Windows unpatched, many pirated. The decision to not allow pirated
windows machines to be patched means there is a huge base of
compromised machines, a situation itself which greatly increases the
danger for everyone else (who runs windows).
--
Kim Holburn
IT Network & Security Consultant
T: +61 2 61402408 M: +61 404072753
mailto:kim at holburn.net aim://kimholburn
skype://kholburn - PGP Public Key on request
More information about the Link
mailing list