boycott-riaa.com - Article: First Mac OS X trojan horse spotted

First Mac OS X trojan horse spotted

Posted by CodeWarrior on April 8, 2004 at 7:17 PM (printer friendly)

"Posted 04/08/2004 @ 3:24 PM, by Eric Bangeman

Virus and Trojan horses are old hat, at least if you run Windows as your primary OS. For years, Mac users have enjoyed the relative obscurity of a low market share, which meant that aside from the occasional Mac OS 8/9 boot worm, malware writers generally overlooked the platform to concentrate on tormenting the largest amount of users with the least amount of effort. Alas, a modern OS and the platform's increased visibility could only be overlooked for so long, and French Mac security firm Intego today announced the sighting of an overly-user-friendly Trojan Horse for OS X.

The Trojan horse's code is encapsulated in the ID3 tag of an MP3 (digital music) file. This code is in reality a hidden application that can run on any Macintosh computer running Mac OS X. Mac OS X displays the icon of the MP3 file, with an .mp3 extension, rather than showing the file as an application, leading users to believe that they can double-click the file to listen to it. But double clicking the file launches the hidden code, which can damage or delete files on computers running Mac OS X, then [launches] iTunes to play the music contained in the file, to make users think that it is really an MP3 file.

This particular Trojan horse has the potential to do all the typical nasty stuff such as deleting files, infecting other media files (i.e., QuickTime, MP3, JPEG), and propagating itself via e-mail. According to Intego, initial versions of the Trojan are benign, but now that this exploit is widely-known, it is likely that this exploit will be adopted by virus and Trojan horse authors. Intego has made updated virus definitions available, and McAfee (makes of Virex) will likely follow. "
Full article at
http://arstechnica.com/news/posts/1081455881.html

User Comments (These do not necessarily reflect the beliefs of this site)


gdZiemann	Date: April 8, 2004 @ 7:36 PM Sounds like RIAA malware to me.

raoulduke1	Date: April 8, 2004 @ 7:59 PM Viruses are good. They keep the immune system active and the body healthy.

pepe512000	Date: April 8, 2004 @ 8:49 PM gdZiemann You got that right! I knew there was a reason I hadn't gotten into OSX yet. Darn, my husband sees this, now he'll never buy it for me. ~pepe~

nitedreamerxp	Date: April 8, 2004 @ 9:08 PM It sounds to me like it was RIAA goons looking to exploit a relativly small group before launching a wide scale trojan on windows users making sure of how it works it just looks to me like that.

zippythechip...	Date: April 8, 2004 @ 9:09 PM raulduke1, LOL! As we used to say, "Whaddya think ya got antibodies for?????" ~zippy

mtekk	Date: April 8, 2004 @ 9:18 PM ha ha ha ha ha this virus is actually a tricy sucker, a real worthy virus, but it still is a reason edumacate your self with your OS, and know when something may be fishy. no one is safe from thoes stupid script kiddies writing thoes viruses, unless you know what you are doing.

DarkhorseX	Date: April 8, 2004 @ 9:34 PM If you have a program that deletes the ID3 tag when you download it, replacing it with a generic, then that solves the problem. RIAA did this, no doubt.

tomsong	Date: April 8, 2004 @ 10:57 PM My friend at Apple sent the following message: yah, seen it. it's an application that has an MP3 icon on it. the sample doesn't do anything, it's just a proof of concept that throws up a dialog box. IMHO it's a lot of hype right now � i could stick an MP3 icon on any application and if you open it i could delete some of your files. of course mac os x's permissions model prevents you from deleting _system_ files this way, which is nice.

awehr	Date: April 9, 2004 @ 1:05 AM the "application" must be double clicked on to work. In other words.. the user must run it. If you act like most mac users do and drag it into itunes itunes will immediately spot the fraud because it won't be able to read it.

FewerInhibit...	Date: April 9, 2004 @ 1:48 AM Hehehe, silly Windoze, Macs aren't for kids! I do love my Mac, I especially hate the company!

independentm...	Date: April 9, 2004 @ 1:49 AM Yep, sounds like the RIAA is up to more nasty tricks. I sure wish to hell it could be proven. Wouldn't it be scandalously delish if we had a pic of Cary Sue handing a bundle of cash over to whomever the script kiddie was who came up with this?

voltz15	Date: April 9, 2004 @ 2:34 AM They can't be allowed to legally damage a user's PC. Someone needs to trace back it's origin and press charges ASAP.

awehr	Date: April 9, 2004 @ 2:52 AM As someone who hangs out on the overclockers.com subscribing.. i pc'd a g5 loving.. a64 > g5 (crap and they know it) spewing IRC nets, I have to say it probably has its origins not in some RIAA scheme, but in some anti-mac propaganda ploy.