Slashdot Mirror


Mac OS X Trojan Horse Infects MP3s

frequnkn writes "The Mac News Network reports that Intego has announced an update to their anti-virus app for snagging the first Mac OS X Trojan horse, MP3Concept (MP3Virus.Gen), which exploits a weakness in Mac OS X where applications can appear to be other types of files."

10 of 621 comments

  1. Well, by MuckSavage · Score: 5, Insightful

    I suppose I'll start to panic as soon as Apple acknowledges it, rather than take the word of a company trying to sell me anti-virus software.

  2. How does this work? by dartmouth05 · Score: 5, Insightful

    What this article doesn't mention is how (or if) the code gets around the normal OS X restrictions requiring that one enters an administrator's password. Even if applications can be hidden, I question the amount of damage they can do... Surely nobody will enter an admin password requested by an ".mp3" file.

    Besides, this isn't a virus so much as a security flaw. Why pay $60 for software when Apple will surely release a patch soon?

    Oh, and for all the PC assholes who are currently saying "In your face, mac zealots" or whatnot--nobody claims that OS X is bulletproof--no computer system is. Nevertheless, it seems to be a lot more secure than, say, Windows, which has security problems all of the time.

    1. Re:How does this work? by squiggleslash · Score: 5, Insightful
      Well, if I may make the obvious point, you don't have to have an administrator password to do damage to someone's files on a Mac or any other system. If you needed the administrator password to do so, then editing your own documents would be a bureaucratic nightmare.

      I don't care that much whether some app is able to delete /System/Library/CoreServices/BootX - I mean, it'll be a pain if it happens, but that file is part of the operating system and therefore recoverable with nothing more than a re-install.

      The files I have that I don't want it deleting are the files I made myself, either directly (my novel - ok, I back it up, but...) or indirectly (my AAC/MP3 collection - yes, they're "recoverable" but not without literally a week or more of work sitting over the CD drive, rewriting lousy CDDB entries.)

      Those files are the same files that need no administrator password to corrupt them. And that is why anyone who tells you that Unix, Linux, or OS X are inherently secure needs to be taken out and shot.

      --
      You are not alone. This is not normal. None of this is normal.
  3. Ahh.. Classic catches up to us :P by __aavhli5779 · Score: 5, Insightful

    Heh... Interesting that the first trojan horse/virus yet to be seen for OS X uniquely exploits the discordance between the "Classic" pre-OS X way of specifying file types (File Type/Creator metadata) and the new, inherited-from-Windows, file extension method.

    The basic gist of this trojan from what I've read so far (there is very little information aside from what Intego has on their own web site) is that it is a file with type AAPL (executable application) but with an .mp3 extension... the Finder thus displays an MP3 icon for it yet launches it as an application when the user double-clicks.

    What this basically comes down to, then, is the Finder making the wrong decision as to how to present the file to the user. Specifically that it presents it in one way, but acts upon it (when double-clicked) in the other. Whether it should first obey the deprecated file type metadata or the file extension is left to be argued about... what's certain is that it should always behave with the file the same way it presents it. I predict a bug fix for this will be in OS X shortly.
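
The mismatch described in the comment above can be checked mechanically. The following is an added example, not code from the thread or from Intego: it parses the type and creator codes out of a file's 32-byte FinderInfo metadata and flags names whose extension promises a document while the type code marks an application. The application type code is taken to be `APPL`; the extension list, helper names and sample inventory are assumptions constructed for illustration.

```python
import struct
from pathlib import PurePosixPath

# Extensions a user expects to open in a player or viewer, never to execute
# (illustrative list, an assumption of this example).
DOCUMENT_EXTENSIONS = {".mp3", ".m4a", ".aac", ".jpg", ".gif", ".pdf", ".txt"}
# Classic Mac OS type code that marks a file as an application.
APPLICATION_TYPES = {b"APPL"}


def parse_finder_info(blob):
    """Return (type_code, creator_code) from a 32-byte FinderInfo blob."""
    if len(blob) != 32:
        raise ValueError("FinderInfo must be exactly 32 bytes")
    # The first 8 bytes hold two 4-byte codes: file type, then creator.
    return struct.unpack_from(">4s4s", blob, 0)


def is_disguised_application(filename, finder_info):
    """True when the name promises a document but the metadata says application."""
    if finder_info is None:  # no type/creator metadata: only the extension applies
        return False
    ext = PurePosixPath(filename).suffix.lower()
    type_code, _creator = parse_finder_info(finder_info)
    return ext in DOCUMENT_EXTENSIONS and type_code in APPLICATION_TYPES


def scan(entries):
    """entries: iterable of (filename, FinderInfo bytes or None)."""
    return [name for name, info in entries if is_disguised_application(name, info)]


def make_finder_info(type_code, creator_code):
    # Constructed blob: type + creator followed by 24 zero bytes of other fields.
    return type_code + creator_code + bytes(24)


# Constructed inventory for the demonstration, not taken from any real sample.
SAMPLE = [
    ("song.mp3", make_finder_info(b"MPG3", b"hook")),     # audio type, audio name
    ("freebie.mp3", make_finder_info(b"APPL", b"????")),  # application behind .mp3
    ("Track.MP3", make_finder_info(b"APPL", b"????")),    # same, upper-case suffix
    ("Installer", make_finder_info(b"APPL", b"????")),    # honest application
    ("notes.txt", None),                                  # no metadata at all
]

if __name__ == "__main__":
    for name in scan(SAMPLE):
        print("extension/type mismatch:", name)
```
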

  4. Re:Nothing to see here. Move along. by Daniel_Staal · Score: 5, Insightful

    It's news because it is the first Mac OS X specific virus/trojan in existence. No one claimed OS X was immune to them, just that they hadn't occurred yet. Now they have. That fact is news.

    --
    'Sensible' is a curse word.
  5. Re:Nothing to see here. Move along. by QJB · Score: 5, Insightful

    The preview of the file shows no play functionality like an ordinary mp3 file but reads 'Kind: Application'. It may mislead users but it is simply spotted (with the naked eye).

  6. Re:Statistics by geoffspear · Score: 5, Insightful
    I guarantee that if Apache was the most widespread http server it would have as many security holes as IIS.

    Oh wait, it is. And it doesn't.

    --
    Don't blame me; I'm never given mod points.
  7. Re:Nothing to see here. Move along. by Anonymous Coward · Score: 5, Insightful

    Well, it's been all of these things for what, about thirteen years now? When exactly are you expecting this massive wave of exploitation to take place?

  8. Re:Nothing to see here. Move along. by Anonymous Coward · Score: 5, Insightful

    It's installed on everyone's machine, it's very hard to remove

    How exactly is dragging it into the trash to remove it hard?

    it's not open source

    Yeah, like that matters, when you consider the massive numbers of WMA and Real viruses.

    it autoplays content on the web

    Easy to turn off in preferences.

    it's a big black box waiting to be exploited.

    It's been around for what, a decade? I guess we'll have to wait some more for this particular exploit to happen.

    Thanks for playing, please try again...

  9. WHAT??? by Anonymous Coward · Score: 5, Insightful

    Average Windows users know command lines?! What kind of fucked up world do you live in?

    The average Windows user doesn't know how to map a network drive; doesn't know how to properly unmount a USB Storage Device in Win2k; doesn't know how to CANCEL PRINT JOBS if there isn't an annoying window from the bullshit software that pops up when you print.

    The average Windows user doesn't know how to format a disk; doesn't know how to look at a full mail header, doesn't know how to Mail Merge.

    The average Windows user doesn't differentiate between hard disk and "memory"; doesn't know how to clear the Recent Documents; doesn't know how to change their password.

    The average Windows user hasn't used net send, ping, or even winipcfg. They don't know where to change the resolution on their monitor; they only change the Background from a right-click menu in Internet Explorer.

    They have never intentionally used an F-Key that wasn't modded to do something special on their multimedia keyboard. They have no idea that Ctrl-F6 will switch between panes, so you don't need to click back and forth when designing a table in Access.

    They don't know that Print Screen copies their screen to the Clipboard. Hell, they don't know what the Clipboard is.

    The average Windows user doesn't know what Temp files are; has no concept of file permissions, can't make a Pivot Table; doesn't know how to uninstall programs; Has at least two things in their system tray they can't identify; has never performed a full backup of their data; and certainly has never touched their Registry.

    Even tech support often doesn't know enough about the command line, like using "~1" doesn't mean you don't need the extension, or that Program Folder 8.1.1 becomes Progra~1.1 or that you can type the whole damn thing in quotes.

    Maybe ten years ago the average Windows user knew something about the command line, but not anymore.