First Apple Trojan reported
p2pnet.net News:- Thanks largely to iPod, Apple Computer has been grabbing a lot of headlines, lately. And more power to it.
However, one of the good things about its previous low profile (relatively speaking : ) was: it didn’t attract virus builders.
That may have changed, however.
A security warning for MP3Concept (MP3Virus.Gen) – the first Trojan to affect Mac OS X – has now been issued, according to The Mac Observer here, which quotes Mac security specialists Intego as saying the bug could exploit a weakness in the operating system by attaching itself to tags of primarily mp3 files.
MP3Virus.Gen can appear as other types of files, the story has Intego spokesman Brian Davis saying.
“Our virus team found an apparent weakness with the way OS X handles some MP3 files whereby a file can be labeled an MP3 file, but not actually be one.”
Files encapsulated in the ID3 tags of an mp3 will open when you double-click the file, says the report, continuing, “So there’s a potential there for somebody to include some sort of malicious code embedded in this part of the MP3 file that can run and obviously exploit operations on a Mac in a lot of different ways.”
Davis warned the Trojan has the potential to delete all of a user’s personal files, send an e-mail message containing a copy of itself to others and infect other mp3, JPEG, GIF or QuickTime files, says the Observer, going on that the same technique could be used to infect .jpg or .gif files as well, according to Davis.
However, “Early reports are no such campaign to spread viruses through the Trojan Horse have been reported,” says the story.
“So far what we’ve discovered is basically this weakness is benign, but we see an opportunity for exploitation here, so that’s why we have released this Trojan horse protection update,” Davis commented.
Representatives from Apple Computer “were not immediately available for comment”.
April 9th, 2004 at 3:10 pm
I think this “weakness” stuff is BS. I know Apple have gone off half-cocked with OS X but I’m sure they’re not so stupid as to have implemented this.
This would be such an obvious bug/feature that it would’ve been discovered years ago, not just now.
April 9th, 2004 at 3:31 pm
May be apple never thought that IPOD would be so big, hence overlooked this potential/simple problem.
April 9th, 2004 at 3:43 pm
Mac has finally become broad enough to be attractive to the hackers. Mac users beware because you are now in the real world.
April 9th, 2004 at 5:56 pm
May be apple never thought that “files” would be so big, hence overlooked this potential/simple problem.
This has nothing to do with the iPod, other than that the iPod happens to play music. This is a weakness of someone making an APPLICATION look something like an mp3.
Geez, you sound dumb. iPod, duh, Apple, duh, problem, duh, must be related.
April 9th, 2004 at 6:09 pm
Go here: http://p2pnet.net/index.php?page=comment&story=1177&comment=1195
April 9th, 2004 at 6:11 pm
Go here: http://p2pnet.net/index.php?page=comment&story=1177&comment=1195
April 9th, 2004 at 7:58 pm
I believe that the iPod software, whether Mac or PC, strips all but the most basic tags from a music file when it is transferred to the iPod. Things like album covers, long text info, etc. is not transferred, so could not be used to transfer a large “trojan” file from one Mac/PC via iPod to another Mac/PC.
I see how the “Tag Trojan” (my coin, c.2004 — heehee) could launch, as if you click on an album cover preview in iTunes, it simply launches the enclosed jpeg or gif using a quicktime routine.
Though, I still wonder how/what type of routine might be triggered? This would imply an existing bug in Quicktime, I think. If the bug is Quicktime dependant, then Windows could easily be susceptible.
Given the longstanding Quicktime framework (my estimation), I doubt something as simple as “paste the virus in the ID3 tag” would have slipped through.
I wait, patiently, for a response from Apple.
Rastaruss
April 10th, 2004 at 9:24 pm
Read more at: http://www.danshockley.com/weblog.php