Skip to comments.
Trojan Horse Attacks Mac OS X
Wired ^
Posted on 04/09/2004 12:13:32 PM PDT by Snowy
Edited on 06/29/2004 7:10:30 PM PDT by Jim Robinson.
[history]
Thanks to Apple Computer's rising star in the world of digital music, Mac OS X has become a target for malware authors.
A Trojan horse, called MP3Concept or MP3Virus.gen, has been discovered that masquerades as an MP3 file. It hides in ID tags of the file and becomes activated when unwary users click on it, expecting to play a digital song.
(Excerpt) Read more at wired.com ...
TOPICS: Announcements; Front Page News; Miscellaneous
KEYWORDS: apple; lowqualitycrap; trojan
1
posted on
04/09/2004 12:13:33 PM PDT
by
Snowy
To: Snowy
I hope this wasn't already posted... I did a search, etc....
2
posted on
04/09/2004 12:15:24 PM PDT
by
Snowy
(Microsoft: "You've got questions? We've got dancing paperclips.")
To: All
|
1Thanks for the pic sciencediet :0)>
|
Donate Here By Secure Server
Or mail checks to FreeRepublic , LLC PO BOX 9771 FRESNO, CA 93794
or you can use
PayPal at Jimrob@psnw.com
|
STOP BY AND BUMP THE FUNDRAISER THREAD- It is in the breaking news sidebar!
|
To: rdb3
Ping!
4
posted on
04/09/2004 12:18:35 PM PDT
by
Snowy
(Microsoft: "You've got questions? We've got dancing paperclips.")
To: Bush2000
FYI
5
posted on
04/09/2004 12:23:31 PM PDT
by
Fractal Trader
(Free Republic Energized - - The power of Intelligence on the Internet! Checked by Correkt Spel (TM))
To: Snowy
6
posted on
04/09/2004 12:31:33 PM PDT
by
js1138
(In a minute there is time, for decisions and revisions which a minute will reverse. J Forbes Kerry)
To: Fractal Trader
FYI Wow. I wonder where everyone is? I thought this thread would take off for sure.
7
posted on
04/09/2004 12:32:21 PM PDT
by
Snowy
(Microsoft: "You've got questions? We've got dancing paperclips.")
To: js1138
How did you search? Apparently, very poorly! :)
8
posted on
04/09/2004 12:33:13 PM PDT
by
Snowy
(Microsoft: "You've got questions? We've got dancing paperclips.")
To: Snowy
Don't feel bad. I didn't find it on the first try, but I knew it was there.
9
posted on
04/09/2004 12:37:52 PM PDT
by
js1138
(In a minute there is time, for decisions and revisions which a minute will reverse. J Forbes Kerry)
To: rdb3
May be of interest.
10
posted on
04/09/2004 12:58:48 PM PDT
by
Jalapeno
To: Snowy
Back in the day, the Mac at our local library had a virus (running OS 7). I'm not surprised they've finally decided to target X.
To: Snowy
In the advisory issued Thursday, Intego said a Trojan horse called MP3Concept (MP3Virus.Gen), exploits a weakness in Mac OS X where applications can appear to be other types of files, according to the company.
Late Thursday night, Symantec Corp. said they were also aware of the Trojan, but noted that the virus has not been found in the "wild."
"Symantec Security Response is aware of the MP3Virus.Gen Trojan," a spokesperson from Symantec Security Response, told MacCentral. "It is a proof-of-concept Trojan that does affect the Mac platform, however it is currently not present in the wild. Symantec Security Response will continue to closely monitor this and any other potential threats to the Mac OS X platform."
12
posted on
04/09/2004 1:16:15 PM PDT
by
Bobibutu
To: Bobibutu
Intego came up with this to sell their software.
13
posted on
04/09/2004 2:02:51 PM PDT
by
oolatec
An update, from the same source URL:
(Editor's note: This story corrects an earlier report that stated that the Macintosh operating system had become a target of a malicious Trojan Horse.)
Security experts on Friday slammed security firm Intego for exaggerating the threat of what the company identified as the first Trojan for Mac OS X.
On Thursday, Intego issued a press release saying it had found OS X's first Trojan Horse, a piece of malware called MP3Concept or MP3Virus.Gen that appears to be an MP3 file. If double-clicked and launched in the Finder, the Trojan accesses certain system files, the company claimed.
While Intego said the Trojan was benign, it said future versions could be authored to delete files or hijack infected machines. In the release, and in subsequent telephone interviews, Intego was vague about the purported Trojan's workings and its origins.
On Friday, Mac programmers and security experts accused the company of exaggerating the threat to sell its security software.
"They gave the impression that this is a threat, but it isn't," said Dave Schroeder, a systems engineer with the University of Wisconsin. "It is a benign proof of concept that was posted to a newsgroup. It isn't in the wild, and can't be spread in the wild. It's a non-issue."
"They are spreading FUD to sell their software," said Ryan Kaldari, a programmer from Nashville, Tennessee, referring to the shorthand for fear, uncertainty and doubt.
Rob Rosenberger of Vmyths said he'd seen virus hype many, many times, and if antivirus companies put out alarmist press releases, it's for one of two reasons: "Either they're delusional or they're trying to own the hysteria," he said. "This has been going on for 16 years now."
Rachel Keiserman, a tech-support person at Intego, denied on Friday that her company exaggerated the threat or was attempting a publicity stunt. "It's not a hoax or anything like that." She declined to comment further and pointed to a press release listing questions and answers, which defended the company's decision to classify the issue as a threat.
"While the first versions of this Trojan Horse that Intego has isolated are benign, this technique opens the door to more serious risks," the company said. "The exploit that it uses is both insidious and dangerous, and it is our duty as a vendor of Macintosh security solutions to protect our users. We don't believe in waiting until the damage occurs, unlike some of our competitors."
Technically, the threat isn't a Trojan Horse by the standard definition: It isn't a working piece of malicious code and can't easily be spread to other computers, experts said. Instead, it is a demonstration of a possible threat.
"We're talking about theoreticals here," said Schroeder. "It is possible for OS X to be infested with Trojans, viruses and security issues, but until it is, they aren't justified in raising the alarm."
The demonstration contains a real MP3 file of someone laughing. When launched in jukebox software like iTunes, the MP3 file plays and nothing else happens. But if double-clicked in the Finder, the MP3 file plays and a warning is displayed.
The program can't be spread by e-mail or through a file-sharing network unless it is compressed using software like Aladdin's Stuffit. Failing to compress the MP3 file before sending it renders the software inoperative.
The program exploits a vulnerability that goes back to the original Mac operating system: The system allows programs to appear as a file. Programs can have any icons, names or file extension. In other words, users could be tricked into activating a malicious program, thinking they were opening a document, picture or song.
The vulnerability was exploited several times by Trojans authored for previous versions of the Mac OS.
Mac programmer Bo Lindbergh wrote the threat demonstration and posted a link on the comp.sys.mac.programmer.misc newsgroup on March 20. The link leads to a site in Sweden. The file has now been removed. Lindbergh didn't respond to an e-mail requesting comment.
Symantec on Friday said it was aware of the software. "It is a proof-of-concept Trojan that does affect the Mac platform; however, it is currently not present in the wild," the company said in a statement. It said it would continue to monitor the situation.
Likewise, Apple spokeswoman Natalie Sequeira said the company was investigating. "We are aware of the potential issue identified by Intego and are working proactively to investigate it," she said.
14
posted on
04/09/2004 3:25:45 PM PDT
by
D-fendr
(^_^)
To: Snowy
He who smelt it, dealt it.
I think these anti-virus companies are one of the biggest sources of viruses themselves. Drumming up business just like a firebug on the fire department.
-ccm
15
posted on
04/09/2004 5:18:13 PM PDT
by
ccmay
To: Snowy
All your AppleAddicts have dead computers.
16
posted on
04/10/2004 11:45:32 AM PDT
by
ninenot
(Minister of Membership, TomasTorquemadaGentlemen'sClub)
To: ccmay
I have always thought so.
To: Snowy
18
posted on
04/10/2004 6:42:51 PM PDT
by
MaryFromMichigan
(We childproofed our home, but they are still getting in)
To: Snowy
Damn that Bill Gates and his virus prone wind...
Oh wait... Nevermind...
19
posted on
04/12/2004 2:29:40 PM PDT
by
Trampled by Lambs
("Making Al Gore regret inventing the internet, one post at a time")
Disclaimer:
Opinions posted on Free Republic are those of the individual
posters and do not necessarily represent the opinion of Free Republic or its
management. All materials posted herein are protected by copyright law and the
exemption for fair use of copyrighted works.
FreeRepublic.com is powered by software copyright 2000-2008 John Robinson