Mac OS X Trojan Horse Infects MP3s
frequnkn writes "The Mac News Network reports that Intego has anounced an update to their anti-virus app for snagging the first Mac OS X Trojan horse, MP3Concept (MP3Virus.Gen), which exploits a weakness in Mac OS X where applications can appear to be other types of files."
I suppose I'll start to panic as soon as apple acknowledges it, rather than take the word of a company trying to sell me anti-virus software.
What this article doesn't mention is how (or if) the code gets around the normal OS X restrictions requiring that one enters an administrator's password. Even if applications can be hidden, I question the amount of damage they can do... Surely nobody will enter an admin password requested by an ".mp3" file.
Besides, this isn't a virus so much as a security flaw. Why pay $60 for software when Apple will surely release a patch soon?
Oh, and for all the PC assholes who are currently saying "In your face, mac zealots" or whatnot--nobody claims that OS X is bulletproof--no computer system is. Nevertheless, it seems to be a lot more secure than, say, Windows, which has security problems all of the time.
Heh... Interesting that the first trojan horse/virus yet to be seen for OS X uniquely exploits the discordance between the "Classic" pre-OS X way of specifying file types (File Type/Creator metadata) and the new, inherited-from-Windows, file extension method.
.mp3 extension... the Finder thus displays an MP3 icon for it yet launches it as an application when the user double-clicks.
The basic gist of this trojan from what I've read so far (there is very little information aside from what Intego has on their own web site) is that it is a file with type AAPL (executable application) but with an
What this basically comes down to, then, is the Finder making the wrong decision as to how to present the file to the user. Specifically that it presents it in one way, but acts upon it (when double-clicked) in the other. Whether it should first obey the deprecated file type metadata or the file extension is left to be argued about... what's certain is that it should always behave with the file the same way it presents it. I predict a bug fix for this will be in OS X shortly.
It's news because it is the first Mac OS X specific virus/trojan in existence. No one claimed OS X was immune to them, just that they hadn't occurred yet. Now they have. That fact is news.
'Sensible' is a curse word.
The preview of the file shows no play functionality like an ordinary mp3 file but reads 'Kind: Application'. It may mislead users but it is simply spotted (with the naked eye).
Oh wait, it is. And it doesn't.
Don't blame me; I'm never given mod points.
Well, it's been all of these things for what, about thirteen years now? When exactly are you expecting this massive wave of exploitation to take place?
It's installed on everyone's machine, it's very hard to remove
How exactly is dragging it into the trash to remove it hard?
it's not open source
Yeah, like that matters, when you consider the massive numbers of WMA and Real viruses.
it autoplays content on the web
Easy to turn off in preferences.
it's a big black box waiting to be exploited.
It's been around for what, a decade? I guess we'll have to wait some more for this particular exploit to happen.
Thanks for playing, please try again...
Average Windows users know command lines?! What kind of fucked up world do you live in?
The average Windows user doesn't know how to map a network drive; doesn't know how to properly unmount a USB Storage Device in Win2k; doesn't know how to CANCEL PRINT JOBS if there isn't an annoying window from the bullshit software that pops up when you print.
The average Windows user doesn't know how to format a disk; doesn't know how to look at a full mail header, doesn't know how to Mail Merge.
The average Windows user doesn't differentiate between hard disk and "memory"; doesn't know how to clear the Recent Documents; doesn't know how to change their password.
The average Windows user hasn't used net send, ping, or even winipcfg. They don't know where to change the resolution on their monitor; they only change the Background from a right-click menu in Internet Explorer.
They have never intentionally used an F-Key that wasn't modded to do something special on their multimedia keyboard. They have no idea that Ctrl-F6 will switch between panes, so you don't need to click back and forth when designing a table in Access.
They don't know that Print Screen copies their screen to the Clipboard. Hell, they don't know what the Clipboard is.
The average Windows user doesn't know what Temp files are; has no concept of file permissions, can't make a Pivot Table; doesn't know how to uninstall programs; Has at least two things in their system tray they can't identify; has never performed a full backup of their data; and certainly has never touched their Registry.
Even tech support often doesn't know enough about the command line, like using "~1" doesn't mean you don't need the extension, or that Program Folder 8.1.1 becomes Progra~1.1 or that you can type the whole damn thing in quotes.
Maybe ten years ago the average Windows user knew something about the command line, but not anymore.