Mac OS X Attacked by Trojan Horse

[ragingfish]

HAHA! It isn't just Windows anymore!Quote »Mac OS X Attacked by Trojan HorseFri Apr 9, 4:17 PM ETJames Maguire , http://www.enterprise-security-today.com Mac users are used to feeling safe as their Windows-based brethren scramble to address security flaws. Now a security firm has discovered what may be the first Trojan horse created to attack Mac OS X (news - web sites). Called "MP3Virus.gen" or "MP3Concept," the Trojan horse appears to be a typical MP3 file. It is coded into the ID tags of the audio file and activates when users click on it to play the music. The Trojan horse was discovered by Intego, a Mac security and privacy firm. According to security firm Symantec (Nasdaq: SYMC - news), MP3Concept has not yet been found in the wild. That is, Symantec acknowledged that the vulnerability is real, but the company has not yet found it circulating around the Internet. But Intego CEO Laurent Marteau told NewsFactor that his company received a report of the Trojan Horse from a Mac user on April 6th. Benign Code? The MP3Concept code so far appears to be benign, doing no damage to a user's system. But "we're not sure about that," said Marteau. "The code is small but very hard to analyze." The one thing he is sure of is that the code does not contain a command to delete user's files, he said. MP3Concept, if activated, accesses files in the System folder. It has the potential to be modified to delete files or spread by mailing itself to addresses found in the user's address list, according to Intego. The Trojan horse also can appear to be other multimedia files, such as GIFs, JPGs, and QuickTime MOV files. The MP3Concept is activated only if a user clicks on an infected file in the Finder. If that same file is played from within a music player, such as iTunes, the virus does not activate. In either case, the user may not be aware of the virus: Whether it goes into action or not, the file plays the audio normally. Intego announced MP3Concept's existence on Thursday, but based on the virus's source code, it has been on the Internet since March 20th. "In the next few days, I imagine Apple (Nasdaq: AAPL - news) will probably make fix for the OS," Marteau said. A fix for the Trojan Horse is included in Intego's OS X security product. Rising Profile Mac OS X, launched in 2001, so far has been shielded from the many security flaws that regularly affect Windows. Analysts attribute this to Apple's tiny market share. "The fact that Apple is not in as many hands as Windows means there are fewer people trying to exploit those vulnerabilities in the marketplace," Jupiter analyst Michael Gartenberg told NewsFactor. But in one area of computer use, music downloading, Apple's profile has seen a dramatic recent increase, due to the success of the iTunes service. Because hackers are attracted by popular applications, it is likely that the MP3Concept may have been developed in response to the rise of iTunes. Clearly, the MP3 is an effective vehicle to distribute a virus. Security firm TruSecure conducted a study in which it download executable files from P2P service Kazaa for a month. Of the approximately 5,000 files downloaded, almost half contained malicious code of some type. BSD Based Apple's OS X is based on Berkley Secure Distribution (BSD), a Unix (news - web sites) variant. Although some security researchers say this could be a source of vulnerability -- because the code has been public for so long -- Gartner analyst Ray Wagner disputed that. "The more eyes that look at code, the more chances that vulnerabilities will be caught and fixed by the good guys," he told NewsFactor. OS X's Unix underpinnings means it is "probably far more secure" than earlier Max OSes, Gartenberg said. "Previous Mac OSes were not overly robust in terms of withstanding attacks. If you tried to attack a system 7 Mac in its heyday, it would probably have crashed before you got into it." Apple representatives were not immediately available for comment.

[Geo]

Great, just another 999,999,998 Trojans to go and we finally caught up!

[Stang2Vibe]

Now that the first one is out there, I'm sure that there will be many more to come.