http://isc.sans.org/diary.html?storyid=3595
This is rather shocking (and not so shocking...both at the same time).
This is NOT a failing of OS X. This trojan installs via some social engineering...a human failure, not a software one.
[UPDATE: I've added the following rule (highlighted at the above link) to two of my Snort sensors:
alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"BLEEDING-EDGE CURRENT_EVENTS Mac Trojan HTTP Checkin (accept-language violation)"; flow:established,to_server; content:"GET "; depth:4; content:" HTTP/1.1|0d 0a|Accept-Language\: "; pcre:"/Accept-Language\: [a-zA-Z0-9]{20}/"; classtype:trojan-activity; sid:2007650; rev:1;)
]
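The same "accept-language violation" check as an offline filter in Python, added here as an example that is not part of the original post or of the Bleeding Edge rule: it flags a GET request whose Accept-Language value does not parse as a list of language ranges yet contains a 20-character alphanumeric run, and it goes slightly beyond the Snort rule by looking for the header at any position rather than only on the first header line. The simplified language-range grammar and the sample requests are constructed for the example.

```python
import re

# Well-formed Accept-Language values are comma-separated language ranges
# such as "en-US,en;q=0.8". Simplified grammar, assumed for this example:
# letters/digits/hyphens in subtags, optional q-value, or "*".
LANG_RANGE = re.compile(
    r"^(\*|[A-Za-z]{1,8}(-[A-Za-z0-9]{1,8})*)"
    r"(\s*;\s*q=(0(\.\d{0,3})?|1(\.0{0,3})?))?$"
)
# Mirrors the Snort rule's pcre: a run of 20 alphanumerics (no hyphens,
# no commas) is an opaque token, not a language tag.
OPAQUE_TOKEN = re.compile(r"[A-Za-z0-9]{20}")


def accept_language_violation(request: bytes) -> bool:
    """True if an HTTP/1.1 GET carries an Accept-Language header that is
    not a list of language ranges and contains a 20-char alphanumeric run."""
    head, _, _ = request.partition(b"\r\n\r\n")
    lines = head.split(b"\r\n")
    if not lines[0].startswith(b"GET ") or not lines[0].endswith(b" HTTP/1.1"):
        return False
    for line in lines[1:]:
        name, sep, value = line.partition(b":")
        if not sep or name.strip().lower() != b"accept-language":
            continue
        text = value.decode("ascii", "replace").strip()
        ranges = [r.strip() for r in text.split(",")]
        well_formed = all(LANG_RANGE.match(r) for r in ranges)
        return (not well_formed) and OPAQUE_TOKEN.search(text) is not None
    return False  # no Accept-Language header at all


# Constructed sample requests (not captured traffic).
BENIGN = (b"GET /index.html HTTP/1.1\r\nAccept-Language: en-US,en;q=0.8\r\n"
          b"Host: example.com\r\n\r\n")
SUSPECT = (b"GET /cgi-bin/checkin HTTP/1.1\r\n"
           b"Accept-Language: 7f3kQ9xR2mZpL0aB4cD8\r\n"
           b"Host: example.invalid\r\n\r\n")

if __name__ == "__main__":
    for label, req in (("benign", BENIGN), ("suspect", SUSPECT)):
        print(label, "->", "ALERT" if accept_language_violation(req) else "ok")
```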
1 comment:
I have some experience with Linux hardening but want to expose a Mac. Do you have any advice for securing Mac OS X (10.5)?