First Native Trojan Horse That Attacks Mac OS X Found
Wired
Thanks to Apple Computer's rising star in the world of digital music, Mac OS X has become a target for malware authors.
A Trojan horse, called MP3Concept or MP3Virus.gen, has been discovered that masquerades as an MP3 file. It hides in ID tags of the file and becomes activated when unwary users click on it, expecting to play a digital song.
"This is the first native Mac OS virus we've found," said Brian Davis, U.S. sales manager for Intego, a Mac security and privacy firm that discovered the Trojan.
The Trojan is benign, according to Intego. If launched, it doesn't do anything except access files in the System folder. But Intego warned that the code could be modified easily to delete files or hijack a machine and replicate itself through e-mail.
"This is likely a test Trojan showing these things are possible," said Davis. "There's definitely an open door we don't want to leave open."
The Trojan appears to be the first malicious code for Mac OS X, which was launched in March 2001.
Until now, Mac users have prided themselves on running a system that has been largely virus-free. Few Mac OS X users run antivirus software, or are wary of double-clicking files they've downloaded or received in e-mail.
That could change quickly. Nearly half of the executable files downloaded through Kazaa contain malicious code like viruses and Trojan horses, according to a recent study by security firm TruSecure. Out of 4,778 files downloaded in one month for the study, nearly half contained various types of nefarious code.
Security consultant and virus expert Ken Vanwyk, said there was nothing special protecting Mac OS X, or Linux for that matter, from malicious code.
"They're all susceptible to viruses and Trojans, just as Windows is," he said. "They just havent been targeted yet."
Vanwyk cautioned OS X users not to open e-mail attachments unless they were expecting them.
"If OS X users are being careful, I dont see they should be rushing out to buy antivirus software," he said. "But if it goes the way of Windows, anti-virus product is in their future."
Davis said the Trojan most likely appeared because of Apple's growing influence in digital music.
"Given Apple's previous market share, OS X wasn't a challenge," he said. "As Apple becomes more visible, it's more of an attractive target."
The Trojan appears to be an ordinary MP3 file. In fact, it will play music if launched from inside a digital jukebox like Apple's iTunes. The song plays and the Trojan isn't activated. But if the file is double-clicked in the Finder, the Trojan is launched. The file also launches iTunes and plays the song as normal.
Intego publicized the Trojan on Thursday, though it has been online since March 20, according to an examination of its source code.
The Trojan is possibly in the wild. It was first reported to the firm's Paris office by customers in Europe and the United States, Davis said, which suggests it is circulating. Davis didnt know if the Trojan was on file-sharing networks.
The Trojan's profile is included in the firm's updated virus definitions for its OS X security product, VirusBarrier.
An Apple spokeswoman said the company was aware of Intego's report and is investigating.
Wired
Thanks to Apple Computer's rising star in the world of digital music, Mac OS X has become a target for malware authors.
A Trojan horse, called MP3Concept or MP3Virus.gen, has been discovered that masquerades as an MP3 file. It hides in ID tags of the file and becomes activated when unwary users click on it, expecting to play a digital song.
"This is the first native Mac OS virus we've found," said Brian Davis, U.S. sales manager for Intego, a Mac security and privacy firm that discovered the Trojan.
The Trojan is benign, according to Intego. If launched, it doesn't do anything except access files in the System folder. But Intego warned that the code could be modified easily to delete files or hijack a machine and replicate itself through e-mail.
"This is likely a test Trojan showing these things are possible," said Davis. "There's definitely an open door we don't want to leave open."
The Trojan appears to be the first malicious code for Mac OS X, which was launched in March 2001.
Until now, Mac users have prided themselves on running a system that has been largely virus-free. Few Mac OS X users run antivirus software, or are wary of double-clicking files they've downloaded or received in e-mail.
That could change quickly. Nearly half of the executable files downloaded through Kazaa contain malicious code like viruses and Trojan horses, according to a recent study by security firm TruSecure. Out of 4,778 files downloaded in one month for the study, nearly half contained various types of nefarious code.
Security consultant and virus expert Ken Vanwyk, said there was nothing special protecting Mac OS X, or Linux for that matter, from malicious code.
"They're all susceptible to viruses and Trojans, just as Windows is," he said. "They just havent been targeted yet."
Vanwyk cautioned OS X users not to open e-mail attachments unless they were expecting them.
"If OS X users are being careful, I dont see they should be rushing out to buy antivirus software," he said. "But if it goes the way of Windows, anti-virus product is in their future."
Davis said the Trojan most likely appeared because of Apple's growing influence in digital music.
"Given Apple's previous market share, OS X wasn't a challenge," he said. "As Apple becomes more visible, it's more of an attractive target."
The Trojan appears to be an ordinary MP3 file. In fact, it will play music if launched from inside a digital jukebox like Apple's iTunes. The song plays and the Trojan isn't activated. But if the file is double-clicked in the Finder, the Trojan is launched. The file also launches iTunes and plays the song as normal.
Intego publicized the Trojan on Thursday, though it has been online since March 20, according to an examination of its source code.
The Trojan is possibly in the wild. It was first reported to the firm's Paris office by customers in Europe and the United States, Davis said, which suggests it is circulating. Davis didnt know if the Trojan was on file-sharing networks.
The Trojan's profile is included in the firm's updated virus definitions for its OS X security product, VirusBarrier.
An Apple spokeswoman said the company was aware of Intego's report and is investigating.