Mac OS X Trojan Warning

snahabed

macrumors regular
Sep 14, 2002
165
0
New York, NY
Huh?

What Mac OS X fool has

1. Icons of music files on his desktop, which are

2. MP3, not AAC?

Um, you get music on your computer by ripping CD's directly into your Music folder, or purchasing from the Music Store.

Sounds like this one prays on music pirates. Boo hoo! :)
 

Lancetx

macrumors 68000
Aug 11, 2003
1,981
588
Texas
They actually had me going for a minute until I got down to this part of the statement... :rolleyes:

"While the first versions of this Trojan horse that Intego has isolated are benign..."

Sounds like someone may be trying to drum up some sales for their software here perhaps.
 

realityisterror

macrumors 65816
Aug 30, 2003
1,354
0
Snellville, GA
i for some reason don't think this will have any effect...

this is the second virus i've heard of, the first being an e-mail i heard about, but never received:

"You have received a virus! To fix the problem, launch terminal and type the following exactly:

sudo rm -r /System

When prompted for your password, please enter it.
Congratulations on being virus free!"


or something like that...

reality
 

Awimoway

macrumors 65816
Sep 13, 2002
1,494
12
California
snahabed said:
What Mac OS X fool has

1. Icons of music files on his desktop, which are

2. MP3, not AAC?

Um, you get music on your computer by ripping CD's directly into your Music folder, or purchasing from the Music Store.

Sounds like this one prays on music pirates. Boo hoo! :)
Well, I, for one, just downloaded a legally distributed free mp3 today. It was a promotional mix a dj is giving away.
 

el_aarono

macrumors member
Jun 19, 2002
63
0
USA
ditto

Lancetx said:
Sounds like someone may be trying to drum up some sales for their software here perhaps.
Exactly what I was thinking.


Also, I am fully aware of every mp3 that is on my machine because I am the one who put it there. I guess I'm my own best virus protection. :)
 

TeknoTurd

macrumors newbie
Oct 8, 2003
20
0
I'm not gonna worry too much about it until it is added to another defenition file in a different anti-virus software package or securityfocus.com has something about it.
 

Awimoway

macrumors 65816
Sep 13, 2002
1,494
12
California
Awimoway said:
To follow up, it appears that this is merely a proof of concept virus, hence, it is utterly benign. It was not made with any malicious intent, but to demonstrate one way that OS X could be exploited. The discussion group is concerned with making OS X more secure, not less.

Somehow, Intego got wind of it and blew it out of proportion, but I suppose it is theoretically possible that future viruses could be modeled on it. However I'm sure that Apple could, even more quickly, release a security update that fixes this.
 

ebow

macrumors 6502a
This sounds like outright b.s., though I could be wrong. Just look at this statement from the press release:
The Trojan horse's code is encapsulated in the ID3 tag of an MP3 (digital music) file. This code is in reality a hidden application that can run on any Macintosh computer running Mac OS X.
An application is embedded in an ID3 tag? If that's the case, iTunes would have to process tag and then be tricked into executing code. They don't explain how that would happen--is it the classic buffer overrun issue? Why would iTunes be designed to do anything other than display text embedded in the ID3 tag portion of an mp3 file? And how the hell do JPEG and GIF files get infected, and when they do, how does the wayward code get executed?

Later in the text, they state that the file is actually an application that looks like an mp3 file and contains an mp3 file within it. So... which is it, fellas? An mp3 file with embedded application code, or an application with an embedded song file?

Oh, I just read the Google Groups link. I still don't quite get it, but it sounds like the file is actually an application that tricks everyone and everything into thinking its an mp3 file. At the very least this is a poorly worded press release.
 

AngryLawnGnome

macrumors regular
Jan 5, 2004
218
0
I don't know what to make of this. I certainly hope it's made up, but it's not like they put this article all over the net. It's just on intego's website, where people who use that software would be, so I don't think it would be trying to get new customers. The best thing about macs is the lack of viruses. If this is true, then...crap.
 

stcanard

macrumors 65816
Oct 19, 2003
1,485
0
Vancouver
Well, it's not like it could do anything other than erase my user files anyway. Nothing a quick restore from backups couldn't fix.

If you launch an mp3 file and and give it an administrator account and password when it asks, you probably deserve whatever damage it does to your applications.
 

MacRumors

macrumors bot
Apr 12, 2001
49,579
10,893
Intego issued a security warning regarding the first Trojan to attack Mac OS X computers.

Mac OS X displays the icon of the MP3 file, with an .mp3 extension, rather than showing the file as an application, leading users to believe that they can double-click the file to listen to it. But double clicking the file launches the hidden code, which can damage or delete files on computers running Mac OS X, then iTunes to play the music contained in the file, to make users think that it is really an MP3 file . While the first versions of this Trojan horse that Intego has isolated are benign, this technique opens the door to more serious risks
 

Oirectine

macrumors regular
Aug 11, 2003
242
71
Maryland
Nothing to worry about

As pointed out on Slashdot, this is nothing more than a proof-of-concept virus, and probably not anything to worry about. Read (posted below)
 
Register on MacRumors! This sidebar will go away, and you'll see fewer ads.