About | ACP | Buy | Industry Watch | Learning Curve | News | Products | Search
Home » Learning Curve

Koobface? Boobface?

Oh noes! The chasm is closing!!1!

Get It

Try It

A Windows security guru tweets on Twitter that there's now a worm attacking OS X through Twitter and Facebook and that the 'chasm is closing'. What a distraction.

There's not much to say about this pathetic hype except the following.

  • The worm has been dubbed 'Koobface' by the Windows security cottage industry. Picking dumb names is the only thing they can do. It's been out on Windows for over two years and no one's been able to stop it yet. Likely no one ever will.
  • Java is platform independent, runs 'compiled' inside a virtual machine, so all the malware writers have to do is put OS-specific commands inside to attack any platform they please. They now have variants that attack both OS X and Linux (Ubuntu).
  • In an acronym: 'BFD'. No one uses Java on OS X anymore anyway, few ever did, Apple are deprecating it, and the hoops an eejit has to jump through to get 'infected' redefine the word 'stupidity'.
  • The 'chasm' that now has to close is pretty wide: Windows has over 1,000,000 malware strains in the wild, most attacking the system proper; Apple's OS X and Linux currently have zero. That's one big mother of a chasm.
  • To see just how ridiculous this 'threat' is, follow the cartoon below.

  1. Be a total boobface and turn Java on.
  2. Go on your merry way to Facebook, Twitter, MySpace, whatever.
  3. Wait for someone to send you a stinky fishy invitation to surf to a site.
  4. Wait for the prompt to download an applet. Note the signature can't be verified.

  5. Click 'Allow' like a total boobface.
  6. You could also ask to see 'details' of the download. You'd see something like this.
  7. Note the black print ('Self-signed root certificate').
  8. Note the red print ('This root certificate is not trusted').
  9. Prove you are a total boobface and install the applet anyway.
  10. Smell the toaster on fire.

The short and sweet: this is the same thing as having someone come around to your physical location at your physical computer and saying 'hey I got this cool program, you want me to install it for you?'

And if you're that dumb then you've got it coming to you. But remember: this is not a system exploit. Koobface in no way represents a system security breach in OS X. And even if it did: they'd need 999,999 more such exploits to 'close the chasm'.

Koobface indeed. Be grateful you're not on Windows. Over there they're having a heck of a time with it.

See Also
Wikipedia: Koobface
Intego: OSX/Koobface.A Affects Mac OS X
Computerworld: 'Unprecedented wave' of Java exploits hits users, says Microsoft
Macworld UK: Koobface worm targets Mac users, but Facebook downplays the threat

About | ACP | Buy | Industry Watch | Learning Curve | News | Products | Search
Copyright © Rixstep. All rights reserved.