First Mac OS X Trojan Horse: MP3Concept

[seraph]

INTEGO SECURITY ALERT


Intego Announces Protection against the First Mac OS X Trojan Horse: MP3Concept




April 8, 2004 – Intego, the Macintosh security specialist, has just released updated virus definitions for Intego VirusBarrier to protect Mac users against the first Trojan horse that affects Mac OS X. This Trojan horse, MP3Concept (MP3Virus.Gen), exploits a weakness in Mac OS X where applications can appear to be other types of files.


The Trojan horse's code is encapsulated in the ID3 tag of an MP3 (digital music) file. This code is in reality a hidden application that can run on any Macintosh computer running Mac OS X.


Mac OS X displays the icon of the MP3 file, with an .mp3 extension, rather than showing the file as an application, leading users to believe that they can double-click the file to listen to it. But double clicking the file launches the hidden code, which can damage or delete files on computers running Mac OS X, then iTunes to play the music contained in the file, to make users think that it is really an MP3 file . While the first versions of this Trojan horse that Intego has isolated are benign, this technique opens the door to more serious risks.



This Trojan horse has the potential to do any of the following:
- Delete all of a user's personal files
- Send an e-mail message containing a copy of itself to other users
- Infect other MP3, JPEG, GIF or QuickTime files


Due to the use of this technique, users can no longer safely double-click MP3 files in Mac OS X. This same technique could be used with JPEG and GIF files, though no such cases of infected graphic files have yet been seen.


Intego VirusBarrier eradicates this Trojan horse, and Intego remains diligent to ensure that VirusBarrier will also eradicate any future viruses that may try to exploit this same technique. All Intego VirusBarrier users should make sure that their virus definitions are up to date by using the NetUpdate preference pane in the Mac OS X System Preferences.

http://www.intego.com/news/pr40.html

[seraph]

Apple responds to Trojan horse advisory
Friday, 09 April 2004, 21:34 GMT

Apple Computer Inc. responded on Friday to an advisory issued by security software-maker Intego Inc. on Thursday. Apple said they were aware of the issue outlined by Intego and that they were investigating. "We are aware of the potential issue identified by Intego and are working proactively to investigate it," said Apple in a statement given to MacCentral. "While no operating system can be completely secure from all threats, Apple has an excellent track record of identifying and rapidly correcting potential vulnerabilities."

In the advisory issued Thursday, Intego said a Trojan horse called MP3Concept (MP3Virus.Gen), exploits a weakness in Mac OS X where applications can appear to be other types of files, according to the company.

Late Thursday night, Symantec Corp. said they were also aware of the Trojan, but noted that the virus has not been found in the "wild."

http://www.ebcvg.com/news.php?id=2151

[seraph]

more on the same:

http://www.apple-x.net/modules.php?op=modload&name=News&file=article&sid=872&mode=thread&order=0&thold=0

[Cyxeris]

Does this mean the honeymoon is over?

[paul e.]

mac os x is a hackers wet dream...also apple is annoying more and more people with their happy little corporate Ilife Ichat Icrap thingies..
i expected more hackers to attack mac...

[elektro80]

Hehe... well.. It had to happen someday. However, the way OS X is constructed this can probably be patched in a way that also closes similar holes. It is interesting that this one has not been found in the wild yet.
When it comes to secutity holes, this is a mater of how you define the term. UNIX is a pretty secure system, but that depends of course on how the various services on the computer are set up. OS X leaves none of the nasty services on by default and the way the setup procedure is done by Apple, you boot into an admin user account which is not root. Apple has also integrated a new "control panel" which is a nice interface for novice users. This "control panel" shows which services are running and which are not.. and this interface is paired with a firewall interface which is pretty easy to understand too.
I guess a lot of trojans will show up soon, exploiting Applescript and the "Apple flavored application installation procedure". This will happen... soon... but the "holes" will be pretty easy to fix.

[seraph]

Virus tries to take bite out of Apple's security

(CNN) -- The first Trojan horse virus to target Apple's latest operating system was discovered this week, and it appears to prey on the popularity of Apple's popular music service. However, it has not been released into the "wild" or on the Internet, and therefore remains low risk.

[paul e.]

anything 'popular' is a favourite target of hackers...now that apple is once again 'cool'..look out