updated 02:05 pm EDT, Thu April 8, 2004
Trojan Horse for Mac OS X
to protect Mac users against the first Trojan horse that affects Mac OS X. This Trojan horse, MP3Concept (MP3Virus.Gen), exploits a weakness in Mac OS X where applications can appear to be other types of files: "The Trojan horse's code is encapsulated in the ID3 tag of an MP3 (digital music) file. This code is in reality a hidden application that can run on any Macintosh computer running Mac OS X. Intego says the malicious application can delete files, propogate itself by sending a message to other users, and also infect other MP3, JPEG, GIF or QuickTime files.
The company says that Mac OS X displays the icon of the MP3 file, with an .mp3 extension, rather than showing the file as an application, leading users to believe that they can double-click the file to listen to it. But double clicking the file launches the hidden code, which can damage or delete files on computers
running Mac OS X, then iTunes to play the music contained in the file, to
make users think that it is really an MP3 file . While the first versions of
this Trojan horse that Intego has isolated are benign, this technique opens
the door to more serious risks.
"Due to the use of this technique, users can no longer safely double-click MP3 files in Mac OS X. This same technique could be used with JPEG and GIF files, though no such cases of infected graphic files have yet been seen."
Intego develops and sells desktop Internet security and privacy software for Macintosh.