Malware iFrame exploit (MPack)?

J

jonpb

Registered
Apologies if this post is a dup... I couldn't find it in the forums. Does the latest iFrame exploit (MPack attack) affect macs?

Info:
http://news.com.com/8301-10784_3-9731570-7.html?part=rss&subj=news&tag=2547-1_3-0-5

http://news.com.com/8301-10784_3-9731018-7.html

can't seem to find an answer either way... even from the 28 page pdf

[EDIT] Apparently it can detect mac browsers, still a bit unclear on what this does though... any insight? I'm on 10.4.9, latest browser /security updates, PPC.

Thanks in advance.
 
I had a look at the 28 page PDF (http://blogs.pandasoftware.com/blogs/images/PandaLabs/2007/05/11/MPack.pdf) and it is a very big and detailed report on MPack which shows the vulnarabilities that it attacks, and all of them are Windows only. Some affect both MSIE and Firefox, some only MSIE, and some affect Windows Media Player.

Part of the point of MPack's modular design is that it allows new modules to be added on as new exploits are discovered, however MPack itself is executable for Windows only.

In short: Mac users can once again shrug this particular threat off, and I hope it will stay that way.
 
But... the PDF does say it sniffs for browsers on the mac, and lists all OSs as 'vulnerable'... I'm just not clear on what executes and what it can affect. If Macs *are* safe, why detect for them?

Many Thanks,
 
According to the document...

Vulnarbilities Used:
* Internet Explorer MDAC Remote Code Execution Exploit MS06-014
* Vulnerability in Vector Markup Language could allow code execution MS06-055
* Microsoft Management Console could allow remote code execution MS06-044
* Windows Media Player Plugin EMBED Overflow Universal Exploit MS06-006
* As above, but adapted for Opera browser.
* Vulnerability in Microsoft XML Core Services Could allow remote code execution MS06-071
Click to expand...

MS06-006 was the only one that *might* have affected the Mac. I checked the details of the vulnerability and it reads ...(http://www.microsoft.com/technet/security/Bulletin/MS06-006.mspx):
"...Customers who use a Microsoft Windows Media Player plug-in for non-Microsoft Internet browsers."
Affected Software:
* Microsoft Windows 2000 Service Pack 4
* Microsoft Windows XP Service Pack 1 and Microsoft Windows XP Service Pack 2
* Microsoft Windows Server 2003 and Microsoft Windows Server 2003 Service Pack 1
* Microsoft Windows XP Professional x64 Edition
* Microsoft Windows Server 2003 x64 Edition
Click to expand...

So, for now, I stand by my statement that this MPack malware is only affecting Windows machines. It is an interesting side-note that it affects plug-ins which could make it work with Firefox or Opera browsers as well as MSIE, but the vulnerabilities, and the code that MPack executes, are still confined to Winblows.
 
You must log in or register to reply here.
Back
Top