Re: The Myth of the secure Mac
- From: GreyCloud <cumulus@xxxxxxxx>
- Date: Wed, 02 Nov 2005 16:41:19 -0700
Michelle Ronn wrote:
>
> On 2005-10-28 16:00:25 -0700, Oxford <csma@xxxxxxx> said:
>
> > TheLetterK <theletterk@xxxxxxxxxxxxxxxxxx> wrote:
> >
> >>> not unless they have "physical access" to the machine,
> >> Excuse me? Once said fake installer harvests your admin password, there
> >> is no reason it couldn't just send it off to the malicious cracker in
> >> question. Indeed, the installer could even include a simple telnet
> >> server setup by default, that starts at login.
> >
> > but you are completely overlooking the fact that said installer could
> > not be downloaded, or executed without the permission of the user. you
> > really should read the Security PDF, it will help you not look so
> > foolish. Just read Page 2, it will enlighten your mind.
> >
> >>> and yes I will agree all bets are off if that is the case, but
> >>> remotely, OSX is uncrackable.
> >> Incorrect.
> >
> > You can't show it otherwise, so it's a "fact".
> >
> > People have been trying to remotely breach 70.57.60.153 for several
> > days now, nobody can do it, further proving it's impossible.
>
> Check this out:
> http://www.frsirt.com/english/advisories/2005/1823
>
> Any Mac out there that did not take the 9/23/2005 security patch is
> REMOTELY vulnerable.

That's nothing... check this one out.
http://home.businesswire.com/portal/site/google/index.jsp?ndmViewId=news_view&newsId=20051101006477&newsLang=en

November 01, 2005 08:04 PM US Eastern Timezone

ESET's NOD32 Proactively Detects New Variants of the Bagle
Worm; Company Warns Non-Customers of Massive Email Spam of
Win32/Bagle.DC and Win32/Bagle.DD Worms

SAN DIEGO--(BUSINESS WIRE)--Nov. 1, 2005--ESET, a global
security software company providing next-generation malware
protection, today warned customers of an email seeding of
the Win32/Bagle.DC and Win32/Bagle.DD worms. The newest
variants of the Bagle family of worms were detected this
morning and are designed to avoid signature-based detection,
leaving many antivirus companies scrambling to respond by
producing signature updates. ESET's ThreatSense(TM) Advanced
Heuristics technology immediately stopped the
new variants, without updates, once again underlining the
need for proactive protection.

So far, ESET has identified more than 13,700 emails with
Win32/Bagle.DC and 2,400 emails containing Win32/Bagle.DD
and the number is quickly growing. ESET's Virus Radar
reported a spike of activity with upwards of 2,000 emails an
hour being seeded, most likely through botnets. The
variants, a part of the Bagle family, are spammed out in
messages that have an empty subject line and a simple body
which contains just one word such as "info" or "texte" and
attached is a zipped dropper. The attachment names for
example are "Info_prices.zip," "max.zip," "sms_text.zip,"
"Business_dealing.zip" and "Business.zip." Once the emails
are opened the Win32/Bagle.DC will copy itself to
\winnt\system32hloader_exe.exe, drop the file
\winnt\system32\hleader_dll.dll, and then will try to
download a file from some URLs. At present none of the
identified URLs are working.

"Because of the speed at which new variants are
proliferated through botnets, even the most rapid response
from a reactive signature update is insufficient," said
Andrew Lee, CTO of ESET. "With NOD32, ESET customers were
proactively protected from these new Bagle variants in
real-time due to our powerful,
ThreatSense heuristics."

ESET is providing a free remover for the Bagle variants,
which can be downloaded at www.eset.com.

ESET's Virus Radar (www.virusradar.com), a real-time
malware tracking tool, immediately identified these
malicious Bagle variants using ThreatSense. Over the course
of a few hours, as many as 1,000 samples of the worm were
detected. Virus Radar provides site visitors with easy
access to in-depth analysis of the latest malicious
outbreaks and processes approximately five million email
messages per day to provide information such as the exact
date a virus was first detected and its current detection
rate. Virus Radar is also capable of tracking the
progression of a single virus over a given period -- in some
instances from the earliest heuristic detection of a new
virus to the point where the virus disappears.

About ESET

Founded in 1992, ESET is a global provider of security
software solutions for enterprises and consumers. NOD32,
ESET's award-winning anti-threat solution, provides
real-time protection from known and unknown viruses, spyware
and other malware. NOD32 offers the smallest, fastest and
most advanced protection available, with more Virus Bulletin
100 percent Awards than any other antivirus product
(www.virusbulletin.com). ESET was named to Deloitte's
Technology Fast 500 three years running, and has an
extensive partner network, including corporations like
Canon, Dell and Microsoft. ESET has offices in San Diego,
USA, Bratislava, SK, London, UK, Prague, CZ and is
represented worldwide in more than 80 countries. For more
information, visit www.eset.com or call 619-319-3000.
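
The message traits listed in the press release above (empty subject line, one-word body, zipped attachment with a handful of names) can be checked mechanically at a mail gateway. This is an added example, not part of the original post and not ESET's detection logic; the trait labels, function names and sample messages are constructed for illustration:

```python
from email import message_from_bytes, policy
from email.message import EmailMessage

# Attachment names quoted in the press release (lower-cased for comparison).
KNOWN_NAMES = {"info_prices.zip", "max.zip", "sms_text.zip",
               "business_dealing.zip", "business.zip"}

def bagle_traits(raw: bytes) -> list:
    """Return which of the described message traits a raw e-mail shows."""
    msg = message_from_bytes(raw, policy=policy.default)
    traits = []
    if not (msg["Subject"] or "").strip():
        traits.append("empty-subject")
    body = msg.get_body(preferencelist=("plain",))
    text = body.get_content() if body is not None else ""
    if len(text.split()) == 1:          # e.g. "info" or "texte"
        traits.append("one-word-body")
    for part in msg.iter_attachments():
        name = (part.get_filename() or "").lower()
        if name in KNOWN_NAMES:
            traits.append("known-attachment-name")
        elif name.endswith(".zip"):
            traits.append("zip-attachment")
    return traits

def looks_like_seeding(raw: bytes) -> bool:
    """Flag on structure alone, so a renamed attachment does not evade it."""
    t = set(bagle_traits(raw))
    return ({"empty-subject", "one-word-body"} <= t
            and bool(t & {"known-attachment-name", "zip-attachment"}))

def sample(subject, body, attachment):
    """Build a constructed test message; the addresses are placeholders."""
    m = EmailMessage()
    m["From"], m["To"] = "sender@example.com", "rcpt@example.com"
    if subject:
        m["Subject"] = subject
    m.set_content(body)
    m.add_attachment(b"PK\x03\x04 constructed, not a real archive",
                     maintype="application", subtype="zip", filename=attachment)
    return m.as_bytes()

if __name__ == "__main__":
    for args in [("", "info", "Info_prices.zip"),
                 ("", "texte", "photos.zip"),
                 ("Q3 figures", "Report attached as discussed.", "report.zip")]:
        raw = sample(*args)
        print(args[2], bagle_traits(raw), looks_like_seeding(raw))
```

The second constructed message uses an attachment name that is not on the list and is still flagged, because the check keys on the message structure rather than on the filename.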