Intego warns of first Mac OS X Trojan Horse


Murlyn

 
Source: MacMinute.com

Intego warns of first Mac OS X Trojan Horse
April 8, 2004 - 15:25 EDT Mac security specialist Intego has issued a security warning alerting users of the first Trojan horse to affect Mac OS X. According to the company, this Trojan horse, MP3Concept (MP3Virus.Gen), exploits a weakness in Mac OS X where applications can appear to be other types of files. It has the potential to delete all of a user's personal files; send an e-mail message containing a copy of itself to other users; and infect other MP3, JPEG, GIF or QuickTime files.

My Comments: Yeouch! I'm wondering how true this is. I am having a hard time getting onto Intego's site, but wow.. talk about unexpected, at least to me that is. I knew eventually, but I didn't think this soon! Ok, still a bit shocked *hehe* Ok, got onto the site.. sounds quite interesting.. hmm...

You know.. you wonder if any of these virus companies create viruses so people will use their software? Just a thought..

rman
What I find interesting is this statement from Intego
Quote:
Originally Posted by Intego
Intego said it has released updated virus definitions for Intego VirusBarrier that protect against this threat.
Now I am not saying it is not possible, but a company that sells virus protection finds the virus.

Life isn't about waiting for the storm to pass, It's about learning to dance in the rain!

witeshark
I also wonder how this trojan horse can execute without permissions... More research seems to point to this as a worthless hoax. :rolleyes:

rman
Think of it like a wrapper. You receive this mp3 tune. You double click it to activate iTunes, but in this case you are activating an application. Inside of this wrapped application is an audio file and the destructive code. The wrapped application does whatever it is designed to do, and then starts up the iTunes application in order to play the audio file. You as the end-user give the application permission to run when you double click it. The application does what it does, the damage to the system if that is what it is supposed to do, and plays the audio file. You as the end-user know nothing of what has happened except the audio file is played.

witeshark
So far there is precious little evidence that it exists. Nothing in the Norton site or Google. It's beginning to really appear to be a hoax!

TylerMoney
Well, who knows. There has got to be a virus for Mac out there somewhere I imagine. Though, it isn't affecting me, or many others.....we'll see what happens I guess. If it turns out to be a hoax...wow....it'll be really funny.

witeshark
Intego was very fast replying to my e-mail that I think it's a hoax. I still think it is :p

witeshark
Because the code is written as a "Carbon" application, it does not need to
have the .app extension in order to run, only to have its hidden file type
set to APPL. Carbon applications can run in either Mac OS X or the classic
Mac OS. The suffix of .mp3 is then just seen as part of the filename rather
than a denotation of file type.

When the infected file is launched by double-clicking, or opening, with the
Mac's Finder, the virus code will begin to run. First it attempts to launch
your iTunes application and load the MP3 file as a data file so that it will
appear to be playing as though nothing is wrong. Since the virus code is
hidden in the ID3 tags, the audio portion will play as normal. The virus
then continues to run, infecting other MP3 files within the same folder, and
attempts to access some of the CoreServices components of the operating
system. It does not appear to

The current virus that has been found only infects MP3 files. But the
concept used in this virus could be used to create variants that work with
other file types as well. Any data file type that allows for a notation
field to be embedded into the file, such as the ID3 tag that is used for
this purpose in the infected MP3 files, could be targeted as another carrier
for future viruses. While there is not a currently known virus that uses
image files as the transport, it is unfortunately a small step for a virus
writer to modify the current MP3Concept Trojan horse to use another file
type as its transport method. This is why our virus definitions have been
engineered to look for this type of code outside of just MP3 files as a
measure of preparedness.
This came from Intego. What do you all think? I think it's suspicious and not a true threat
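
A defender's check for the mismatch the quoted Intego text describes (a data-file name such as `.mp3` on a file whose hidden type code is `APPL`), added here as an example; it is not part of the thread or of Intego's product. It assumes the type and creator codes come from the first 8 bytes of the 32-byte `com.apple.FinderInfo` extended attribute; the function names, the extension list and the sample bytes are constructed for illustration.

```python
import os

# Extensions for the file kinds the quoted advisory names (mapping is an assumption).
DATA_EXTENSIONS = {".mp3", ".jpg", ".jpeg", ".gif", ".mov"}

def finder_type_creator(finder_info: bytes):
    """Return (type, creator) four-character codes from a FinderInfo blob."""
    if len(finder_info) < 8:
        return None, None
    return (finder_info[0:4].decode("mac_roman"),
            finder_info[4:8].decode("mac_roman"))

def id3v2_tag_size(data: bytes) -> int:
    """Bytes occupied by a leading ID3v2 tag, header included; 0 if none."""
    if len(data) < 10 or data[:3] != b"ID3":
        return 0
    size_bytes = data[6:10]
    if any(b & 0x80 for b in size_bytes):  # synchsafe: top bit is never set
        return 0
    size = 0
    for b in size_bytes:
        size = (size << 7) | b
    footer = 10 if data[5] & 0x10 else 0   # optional ID3v2.4 footer
    return 10 + size + footer

def triage(name: str, finder_info: bytes, data: bytes) -> dict:
    """Flag a data-file name carried by a file typed as an application."""
    ext = os.path.splitext(name)[1].lower()
    ftype, creator = finder_type_creator(finder_info)
    tag = id3v2_tag_size(data)
    return {
        "name": name,
        "type": ftype,
        "creator": creator,
        "disguised_app": ext in DATA_EXTENSIONS and ftype == "APPL",
        "id3_tag_bytes": tag,
        "id3_fraction": round(tag / len(data), 2) if data else 0.0,
    }

# Constructed samples: a 257-byte ID3v2.3 tag followed by 100 bytes of "audio".
SAMPLE_DATA = b"ID3\x03\x00\x00" + bytes([0, 0, 2, 1]) + bytes(257) + bytes(100)
PLAIN_INFO = bytes(32)                          # no type/creator set
APPL_INFO = b"APPL" + b"????" + bytes(24)       # typed as an application

if __name__ == "__main__":
    for info in (PLAIN_INFO, APPL_INFO):
        print(triage("track.mp3", info, SAMPLE_DATA))
```

On macOS the FinderInfo bytes for a real file can be dumped as hex with `xattr -px com.apple.FinderInfo <file>` and passed to `triage` after conversion with `bytes.fromhex`.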
TylerMoney
this could get ugly :eek:

but I'm looking forward to the outcome :rolleyes:

witeshark
Heh - I don't think it's squat it's garbage, think permissions. Period

ApplejustWorks
They must not be making too much money from Virus Barrier if they are so desperate that they need to find a threat! (Or in this case, maybe they even created it....I mean Norton or McAfee hasn't said anything about it..) :eek:

KLank
Well, reading through the initial link from Murlyn it did sound to me like they wrote the concept worm. Granted to damage the SYSTEM it would need to prompt for permission, but most users would blindly type their passwords. But even if they didn't YOU have permissions to delete your files. So this could destroy your DATA which could be far more valuable than the time it would take to fix or rebuild your OS.

Just food for thought.

rman
KLank, I think your personal data would be more in peril than the system files. As you stated you would need to enter a password for removal of system files. Whereas personal files you have permission to remove. So the question is what files would a stranger want to delete that would hurt you. I think the most damage that can be done is to the user id that is currently logged in.

KLank
That's exactly what I was saying. It can delete the user's personal data which many times can be the most important. If it wipes out the user's home directory that could be a BIG problem for some people.

witeshark
The more I look into it, the more it appears to be a hoax. I'm not at all concerned :p