Forums
New posts
Articles
Product Reviews
Policies
FAQ
Log in
Register
What's new
Search
Search
Search titles only
By:
New posts
Menu
Log in
Register
Install the app
Install
Forums
Apple Computing Products:
macOS - Operating System
Intego warns of first Mac OS X Trojan Horse
JavaScript is disabled. For a better experience, please enable JavaScript in your browser before proceeding.
You are using an out of date browser. It may not display this or other websites correctly.
You should upgrade or use an
alternative browser
.
Reply to thread
Message
<blockquote data-quote="witeshark" data-source="post: 27589" data-attributes="member: 3865"><p><span style="color: darkred">Because the code is written as a "Carbon" application, it does not need to</span></p><p><span style="color: darkred">have the .app extension in order to run, only to have it's hidden file type</span></p><p><span style="color: darkred">set to APPL. Carbon applications can run in either Mac OS X or the classic</span></p><p><span style="color: darkred">Mac OS. The suffix of .mp3 is then just seen as part of the filename rather</span></p><p><span style="color: darkred">than a denotation of file type.</span></p><p><span style="color: darkred"></span></p><p><span style="color: darkred">When the infected file is launched by double-clicking, or opening, with the</span></p><p><span style="color: darkred">Mac's Finder, the virus code will begin to run. First it attempts to launch</span></p><p><span style="color: darkred">your iTunes application and load the MP3 file as a data file so that it will</span></p><p><span style="color: darkred">appear to be playing as though nothing is wrong. Since the virus code is</span></p><p><span style="color: darkred">hidden in the ID3 tags, the audio portion will play as normal. The virus</span></p><p><span style="color: darkred">then continues to run, infecting other MP3 files within the same folder, and</span></p><p><span style="color: darkred">attempts to access some of the CoreServices components of the operating</span></p><p><span style="color: darkred">system. It does not appear to</span></p><p><span style="color: darkred"></span></p><p><span style="color: darkred">The current virus that has been found only infects MP3 files. But the</span></p><p><span style="color: darkred">concept used in this virus could be used to create variants that work with</span></p><p><span style="color: darkred">other file types as well. Any data file type that allows for a notation</span></p><p><span style="color: darkred">field to be embedded into the file, such as the ID3 tag that is used for</span></p><p><span style="color: darkred">this purpose in the infected MP3 files, could be targeted as another carrier</span></p><p><span style="color: darkred">for future viruses. While there is not a currently known virus that uses</span></p><p><span style="color: darkred">image files as the transport, it is unfortunately a small step for a virus</span></p><p><span style="color: darkred">writer to modify the current MP3Concept Trojan horse to use another file</span></p><p><span style="color: darkred">type as it's transport method. This is why our virus definitions have been</span></p><p><span style="color: darkred">engineered to look for this type of code outside of just MP3 files as a</span></p><p><span style="color: darkred">measure of preparedness.</span> <span style="color: green">This came from Intego. What do you all think? I think it's suspicious and not a true threat</span> <img src="data:image/gif;base64,R0lGODlhAQABAIAAAAAAAP///yH5BAEAAAAALAAAAAABAAEAAAIBRAA7" class="smilie smilie--sprite smilie--sprite2" alt=";)" title="Wink ;)" loading="lazy" data-shortname=";)" /></p></blockquote><p></p>
[QUOTE="witeshark, post: 27589, member: 3865"] [color=darkred]Because the code is written as a "Carbon" application, it does not need to have the .app extension in order to run, only to have it's hidden file type set to APPL. Carbon applications can run in either Mac OS X or the classic Mac OS. The suffix of .mp3 is then just seen as part of the filename rather than a denotation of file type. When the infected file is launched by double-clicking, or opening, with the Mac's Finder, the virus code will begin to run. First it attempts to launch your iTunes application and load the MP3 file as a data file so that it will appear to be playing as though nothing is wrong. Since the virus code is hidden in the ID3 tags, the audio portion will play as normal. The virus then continues to run, infecting other MP3 files within the same folder, and attempts to access some of the CoreServices components of the operating system. It does not appear to The current virus that has been found only infects MP3 files. But the concept used in this virus could be used to create variants that work with other file types as well. Any data file type that allows for a notation field to be embedded into the file, such as the ID3 tag that is used for this purpose in the infected MP3 files, could be targeted as another carrier for future viruses. While there is not a currently known virus that uses image files as the transport, it is unfortunately a small step for a virus writer to modify the current MP3Concept Trojan horse to use another file type as it's transport method. This is why our virus definitions have been engineered to look for this type of code outside of just MP3 files as a measure of preparedness.[/color] [color=green]This came from Intego. What do you all think? I think it's suspicious and not a true threat[/color] ;) [/QUOTE]
Verification
Name this item. 🍎
Post reply
Forums
Apple Computing Products:
macOS - Operating System
Intego warns of first Mac OS X Trojan Horse
Top
