Quantcast

First Native Trojan Horse That Attacks Mac OS X Found

N8 v2.0

Not the sharpest tool in the shed
Oct 18, 2002
11,003
149
The Cleft of Venus
First Native Trojan Horse That Attacks Mac OS X Found
Wired

Thanks to Apple Computer's rising star in the world of digital music, Mac OS X has become a target for malware authors.

A Trojan horse, called MP3Concept or MP3Virus.gen, has been discovered that masquerades as an MP3 file. It hides in ID tags of the file and becomes activated when unwary users click on it, expecting to play a digital song.

"This is the first native Mac OS virus we've found," said Brian Davis, U.S. sales manager for Intego, a Mac security and privacy firm that discovered the Trojan.

The Trojan is benign, according to Intego. If launched, it doesn't do anything except access files in the System folder. But Intego warned that the code could be modified easily to delete files or hijack a machine and replicate itself through e-mail.

"This is likely a test Trojan showing these things are possible," said Davis. "There's definitely an open door we don't want to leave open."

The Trojan appears to be the first malicious code for Mac OS X, which was launched in March 2001.

Until now, Mac users have prided themselves on running a system that has been largely virus-free. Few Mac OS X users run antivirus software, or are wary of double-clicking files they've downloaded or received in e-mail.

That could change quickly. Nearly half of the executable files downloaded through Kazaa contain malicious code like viruses and Trojan horses, according to a recent study by security firm TruSecure. Out of 4,778 files downloaded in one month for the study, nearly half contained various types of nefarious code.

Security consultant and virus expert Ken Vanwyk, said there was nothing special protecting Mac OS X, or Linux for that matter, from malicious code.

"They're all susceptible to viruses and Trojans, just as Windows is," he said. "They just haven’t been targeted yet."

Vanwyk cautioned OS X users not to open e-mail attachments unless they were expecting them.

"If OS X users are being careful, I don’t see they should be rushing out to buy antivirus software," he said. "But if it goes the way of Windows, anti-virus product is in their future."

Davis said the Trojan most likely appeared because of Apple's growing influence in digital music.

"Given Apple's previous market share, OS X wasn't a challenge," he said. "As Apple becomes more visible, it's more of an attractive target."

The Trojan appears to be an ordinary MP3 file. In fact, it will play music if launched from inside a digital jukebox like Apple's iTunes. The song plays and the Trojan isn't activated. But if the file is double-clicked in the Finder, the Trojan is launched. The file also launches iTunes and plays the song as normal.

Intego publicized the Trojan on Thursday, though it has been online since March 20, according to an examination of its source code.

The Trojan is possibly in the wild. It was first reported to the firm's Paris office by customers in Europe and the United States, Davis said, which suggests it is circulating. Davis didn’t know if the Trojan was on file-sharing networks.

The Trojan's profile is included in the firm's updated virus definitions for its OS X security product, VirusBarrier.

An Apple spokeswoman said the company was aware of Intego's report and is investigating.
 

syadasti

i heart mac
Apr 15, 2002
12,690
290
VT
Originally posted by ET_SoCal
Seeing this more & more here...
These days there is less and less to differentiate themselves from the rest of the market - they borrow most of their technology from other vendors and their OS is just another flavor of BSD. However, they do have fancy marketing

Both plaforms work fine and it really only comes down to price and performance - both of which Apple has yet to surpass the the rest on...
 

Toshi

butthole powerwashing evangelist
Oct 23, 2001
39,720
8,732
Originally posted by syadasti
they borrow most of their technology from other vendors and their OS is just another flavor of BSD
darwin == bsd, yes. but how can you even say this about os x as a whole when quartz, aqua, carbon, cocoa are all shared only with nextstep if with anyone?

conclusion: you're full of it yet again.
 

syadasti

i heart mac
Apr 15, 2002
12,690
290
VT
Originally posted by Toshi
darwin == bsd, yes. but how can you even say this about os x as a whole when quartz, aqua, carbon, cocoa are all shared only with nextstep if with anyone?

conclusion: you're full of it yet again.
Quit the cognitive dissonance... Brand loyalty is pointless - I've gone from motorola/apple, to intel, to cyrix, to intel, to amd, to intel with no regrets. I've used them all - they are just tools like a wrench from Sears or Snap-On :rolleyes:

Dressing up BSD impresses some people but isn't anything new/special technically.

The market says you're (both you and Apple) are full of it, as their marketshare has dropped to less than 2% for the first time ever ;)
 

Toshi

butthole powerwashing evangelist
Oct 23, 2001
39,720
8,732
how about addressing my points? with cocoa, carbon, aqua, display postscript, etc. how can you claim that os x is "just another flavor of bsd"? what bsd variants offer those technologies?

(nb: and these technologies truly are central to os x as users know it -- no one that i know runs darwin/x11/none of the "frills" above, even if that's possible)
 

Chunky Munkey

Herpes!
May 10, 2006
447
0
is ALWAYS key I say...
If someone was found creating computer viruses, do you think others would follow and continue doing it if the penalty was getting your hands cut off? That would go for hackers and credit card identity fraud people that do fraudulent email phishing online too...
 

binary visions

The voice of reason
Jun 13, 2002
22,162
1,261
NC
Chunky Munkey said:
If someone was found creating computer viruses, do you think others would follow and continue doing it if the penalty was getting your hands cut off? That would go for hackers and credit card identity fraud people that do fraudulent email phishing online too...
I think spam should carry the same consequences.
 

ALEXIS_DH

Tirelessly Awesome
Jan 30, 2003
6,197
829
Lima, Peru, Peru
Chunky Munkey said:
If someone was found creating computer viruses, do you think others would follow and continue doing it if the penalty was getting your hands cut off? That would go for hackers and credit card identity fraud people that do fraudulent email phishing online too...
damn... you´ve been digging some old old threads...
sleepless night?
 

Pau11y

Turbo Monkey
Wow the damage a virus can do to the Mac community...! If this is a test, then one harsh and solid piece of code can do an enormous amount of damage to the unsuspecting and, more often than not, clueless Mac users.
Not that I wish ill-will on ppl, but hey, more work for us IT geeks :)
Hey, are there any version of Mac OS that will run on AMD64s? Anyone?
 

syadasti

i heart mac
Apr 15, 2002
12,690
290
VT
Pau11y said:
Wow the damage a virus can do to the Mac community...! If this is a test, then one harsh and solid piece of code can do an enormous amount of damage to the unsuspecting and, more often than not, clueless Mac users.
Not that I wish ill-will on ppl, but hey, more work for us IT geeks :)
Hey, are there any version of Mac OS that will run on AMD64s? Anyone?
You can run a hacked OSX 10.4.6 on AMD64.
 

binary visions

The voice of reason
Jun 13, 2002
22,162
1,261
NC
Aww, dammit, it's a stinkyboy thread so nobody else can see it :p

I posted the same comic in stinkyboy's "Get a Mac" thread a couple months ago.

:mumble: