
Printed from http://www.macnn.com

Intego warns of Trojan Horse for OS X, offers update

updated 02:05 pm EDT, Thu April 8, 2004

Trojan Horse for Mac OS X

to protect Mac users against the first Trojan horse that affects Mac OS X. This Trojan horse, MP3Concept (MP3Virus.Gen), exploits a weakness in Mac OS X where applications can appear to be other types of files: "The Trojan horse's code is encapsulated in the ID3 tag of an MP3 (digital music) file. This code is in reality a hidden application that can run on any Macintosh computer running Mac OS X." Intego says the malicious application can delete files, propagate itself by sending a message to other users, and also infect other MP3, JPEG, GIF or QuickTime files.

The company says that Mac OS X displays the icon of the MP3 file, with an .mp3 extension, rather than showing the file as an application, leading users to believe that they can double-click the file to listen to it. But double-clicking the file launches the hidden code, which can damage or delete files on computers running Mac OS X, and then launches iTunes to play the music contained in the file, to make users think that it is really an MP3 file. While the first versions of this Trojan horse that Intego has isolated are benign, this technique opens the door to more serious risks.




"Due to the use of this technique, users can no longer safely double-click MP3 files in Mac OS X. This same technique could be used with JPEG and GIF files, though no such cases of infected graphic files have yet been seen."
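As an added illustration (not code from Intego or MacNN), the following heuristic scanner parses the ID3v2 tag at the start of an MP3 and reports executable-format signatures found inside it. The signature list and the names `scan_id3v2`, `syncsafe` and `make_tag` are assumptions; the page does not say which executable format the Trojan uses.

```python
import struct

# Executable signatures to look for. The page does not say which format the
# Trojan uses, so this list (Mac formats of that era) is an assumption.
EXEC_MAGICS = {
    b"Joy!peff": "PEF (CFM) executable header",
    b"\xfe\xed\xfa\xce": "Mach-O header (32-bit, big-endian)",
}

def syncsafe(b):
    """Decode the 4-byte ID3v2 'syncsafe' size (7 usable bits per byte)."""
    if any(x & 0x80 for x in b):
        raise ValueError("invalid syncsafe size")
    return (b[0] << 21) | (b[1] << 14) | (b[2] << 7) | b[3]

def scan_id3v2(data):
    """Return sorted (file_offset, finding) pairs for an ID3v2 tag at offset 0."""
    if len(data) < 10 or data[:3] != b"ID3":
        return []                      # no ID3v2 tag to inspect
    size = syncsafe(data[6:10])
    tag = data[10:10 + size]
    findings = []
    if len(tag) < size:
        findings.append((len(data), "declared tag size exceeds file length"))
    for magic, name in EXEC_MAGICS.items():
        pos = tag.find(magic)
        while pos != -1:
            findings.append((10 + pos, name))
            pos = tag.find(magic, pos + 1)
    return sorted(findings)

def make_tag(payload):
    """Constructed test input: ID3v2.3 tag with one PRIV frame, then MPEG sync."""
    body = b"example\x00" + payload    # PRIV = owner id, NUL, binary data
    frame = b"PRIV" + struct.pack(">I", len(body)) + b"\x00\x00" + body
    n = len(frame)
    size = bytes([(n >> 21) & 0x7F, (n >> 14) & 0x7F, (n >> 7) & 0x7F, n & 0x7F])
    return b"ID3\x03\x00\x00" + size + frame + b"\xff\xfb\x90\x00"

if __name__ == "__main__":
    samples = {"clean": make_tag(b"liner notes"),
               "suspicious": make_tag(b"Joy!peff" + b"\x00" * 8)}
    for label, blob in samples.items():
        print(label, scan_id3v2(blob))
```

A hit only means the tag carries bytes that look like an executable header; it says nothing about file-system metadata, which has to be checked separately.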



Intego develops and sells desktop Internet security and privacy software for Macintosh.




by MacNN Staff


Comments

  1. nemanirc

    Joined: Dec 1969

    0

    Mac only, or mac & win?

    Does this affect Mac users only, or is this a "cross-platform" virus? That is, will it spread only among Mac users, or do I have to be wary of viruses from Windows users (come to think of it, I am wary of them anyway).

  1. ericdano

    Joined: Dec 1969

    0

    so it begins

    So it begins........the flood of viruses.........:-(

  1. grimblegru

    Joined: Dec 1969

    0

    we were long overdue

    It was only a matter of time, unfortunate as it may be.

    It seems that this trojan is targeting users of peer-to-peer file sharing networks, where there's no way to validate the origins of files or said files' integrity.

    Just tread lightly and carefully - keep an eye on the entrance and a hand on the exit.

  1. Ganesha

    Joined: Dec 1969

    0

    Looks like

    Windows systems will be silent carriers.

  1. grossph

    Joined: Dec 1969

    0

    Still not an issue

    First, this "virus" needs an application to make it work. The MP3 and JPG files just carry the virus code, the MP3 player or Image software will not spread the virus. There needs to be an application to "pull the virus code" from the MP3 or JPG then infect the machine. This is not new, it was first reported about a year and a half ago. Windows machines will still be more susceptible to this than the Mac, someone has to write the "host" application first to run on the Mac.

    Don't get me wrong, there is potential for this to be an issue, but not any more so than someone putting virus code in an MS word document, then creating another application to read the MS word document and do its damage.

  1. wings_rfs

    Joined: Dec 1969

    0

    Tell Us More Please

    We need more info, MacNN. The *only* place I see *any* mention of this trojan is at Intego's web site. And it would seem to me that news about the first trojan for OSX would be plastered all over the web news services. Also, Intego says it "can" delete files, propagate via email, and attach to other media. Well... my question is, "Does it, or does it not do this?" C'mon MacNN, do your journalist thing.

  1. drewsome76

    Joined: Dec 1969

    0

    Technical misstatements?

    Full press release here:
    http://www.intego.com/news/pr40.html

    I have to play skeptic here, since some of the statements are clearly incorrect or misinformed.

    "The Trojan horse's code is encapsulated in the ID3 tag of an MP3 (digital music) file. This code is in reality a hidden application that can run on any Macintosh computer running Mac OS X.

    Mac OS X displays the icon of the MP3 file, with an .mp3 extension, rather than showing the file as an application, leading users to believe that they can double-click the file to listen to it"

    They really don't make it clear what the so-called virus really is... is it a double-extension file where the file ends with ".mp3.app"? Is it a Carbon app with file type 'APPL' but a deliberately misleading ".mp3" extension? Is it an actual MP3 file with a malformed ID3 tag carrying virus code - in which case it would have to exploit a buffer-overflow-type weakness in one or more specific MP3 players?

    They don't clearly state whether it's an app or an MP3 file, seeming to indicate both at different points of the article. I write software for a living - an MP3 is a data file, not an executable; if you put a virus payload in there you will need to fool something into running your code. If there were a buffer overflow exploit in QuickTime or iTunes you'd think they would come right out and say it, as well as inform Apple.

    Not to cast doubt on Intego, but I wouldn't lose any sleep over this until another virus company has captured it and released a better description, because this one smells rotten.

  1. mbryda

    Joined: Dec 1969

    0

    Hoax?

    I find it funny that typing the virus name into Google yields NO Results.

    I find it funny that this has a striking similarity to this hoax:
    http://members.tripod.com/helpcity/mp3virus.html

    I find it funny that no other security company (Symantec, McAfee, etc) has mention of this virus.

    I find it funny that this company sells mostly unneeded security software for Mac OSX, and is the only one to find this virus...

    Take it with a grain of salt.

  1. kirkmc

    Joined: Dec 1969

    0

    Check this URL

    http://groups.google.com/groups?hl=en&lr=&ie=UTF-8&oe=UTF-8&safe=off&frame=right&th=631707378ffe9292&seekm=blgl-5D750C.02150821032004%40news.bahnhof.se#link6

    You'll find out more about this Trojan, including a link to download a sample.

  1. piracy

    Joined: Dec 1969

    0

    So what?

    Mac OS X can have trojans. Mac OS X can have viruses. Mac OS X can have security issues.

    It's just a lot harder to exploit all of these things on Mac OS X for logistical, technical, and statistical reasons.
