Trojan Horse for Mac OS X

Apr 09, 2004 at 01.43 am, posted by Veerle Pieters

Yes, you read it right! Intego, makers of the Intego anti-virus software, have issued a press release saying that they have found a Trojan Horse (MP3Virus.Gen) that affects Mac OS X. A Trojan Horse differs from a virus in that it is a stand-alone program. This Trojan Horse DOES NOTHING BAD, but it has the potential to delete all of a user’s personal files, send an e-mail message containing a copy of itself to other users, and infect other MP3, JPEG, GIF or QuickTime files.

So this thing has the icon of an MP3 file but is actually a program, as you can see in this screenshot. Also, this “MP3 file” has to be transferred over the Internet either as a MacBinary file, a BinHex file or a compressed archive (usually StuffIt), since those are the formats that keep the Mac resource fork, where the program code lives, intact. None of these formats would normally be used to transfer an MP3.
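The point above (a program wearing an MP3 icon, shipped inside a MacBinary wrapper because only that keeps its resource fork) can be checked mechanically before a download is ever opened. The following is an added example, not code from the original post or from Intego: it parses the 128-byte MacBinary header, whose layout is assumed from the published MacBinary II specification (file name at bytes 1..64, Finder type and creator at 65..72, data and resource fork lengths at 83..90, CRC-16 at 124..125), and flags a file whose name claims a media type while its Finder type is the standard application code `APPL` or while it carries only a resource fork. The sample headers built in `build_macbinary_header` are constructed test input, and the `MPG3`/`hook` codes used for the benign sample are placeholder values.

```python
"""Detect a MacBinary-wrapped file that is named like media but typed like a program.

Added example (not from the original post). Header layout is assumed from the
MacBinary II spec; all sample headers below are constructed for the demo.
"""
import struct

HEADER_LEN = 128
# Data-file kinds the post says the Trojan imitates or infects
MEDIA_EXTENSIONS = (".mp3", ".jpg", ".jpeg", ".gif", ".mov")


def crc16_xmodem(data: bytes) -> int:
    """CRC-16 (poly 0x1021, init 0) that MacBinary II stores at bytes 124..125."""
    crc = 0
    for byte in data:
        crc ^= byte << 8
        for _ in range(8):
            crc = ((crc << 1) ^ 0x1021) & 0xFFFF if crc & 0x8000 else (crc << 1) & 0xFFFF
    return crc


def build_macbinary_header(name: str, file_type: bytes, creator: bytes,
                           data_len: int, rsrc_len: int) -> bytes:
    """Construct a MacBinary II header for test input (constructed sample)."""
    h = bytearray(HEADER_LEN)
    h[1] = len(name)
    h[2:2 + len(name)] = name.encode("mac_roman")
    h[65:69] = file_type
    h[69:73] = creator
    struct.pack_into(">II", h, 83, data_len, rsrc_len)
    h[122] = 129  # written by a MacBinary II program
    h[123] = 129  # MacBinary II needed to read it
    struct.pack_into(">H", h, 124, crc16_xmodem(bytes(h[:124])))
    return bytes(h)


def parse_macbinary_header(blob: bytes) -> dict:
    """Extract name, Finder type/creator, fork sizes and CRC status from a header."""
    if len(blob) < HEADER_LEN or blob[0] != 0 or blob[74] != 0 or blob[82] != 0:
        raise ValueError("not a MacBinary header")
    name_len = blob[1]
    if not 1 <= name_len <= 63:
        raise ValueError("bad filename length")
    name = bytes(blob[2:2 + name_len]).decode("mac_roman")
    data_len, rsrc_len = struct.unpack_from(">II", blob, 83)
    crc_ok = None  # MacBinary I has no CRC
    if blob[122] >= 129:
        stored = struct.unpack_from(">H", blob, 124)[0]
        crc_ok = stored == crc16_xmodem(bytes(blob[:124]))
    return {
        "name": name,
        "type": bytes(blob[65:69]),
        "creator": bytes(blob[69:73]),
        "data_len": data_len,
        "rsrc_len": rsrc_len,
        "crc_ok": crc_ok,
    }


def assess(info: dict) -> list:
    """Return the reasons a wrapped file looks like a disguised program (empty if none)."""
    findings = []
    looks_like_media = info["name"].lower().endswith(MEDIA_EXTENSIONS)
    if looks_like_media and info["type"] == b"APPL":
        findings.append("Finder type is APPL (application) but the name claims a media file")
    if looks_like_media and info["rsrc_len"] > 0 and info["data_len"] == 0:
        findings.append("media-named file carries only a resource fork and no data fork")
    if info["crc_ok"] is False:
        findings.append("MacBinary II header CRC mismatch (corrupt or tampered header)")
    return findings


if __name__ == "__main__":
    # Constructed samples: a disguised application and a genuine-looking MP3
    disguised = build_macbinary_header("song.mp3", b"APPL", b"????", 0, 40000)
    genuine = build_macbinary_header("song.mp3", b"MPG3", b"hook", 3_000_000, 0)
    for blob in (disguised, genuine):
        info = parse_macbinary_header(blob)
        print(info["name"], info["type"], assess(info) or "no findings")
```

Note that the check only reads the 128-byte header, so it works on the wrapper as it arrives over the wire; a real scanner would apply the same comparison to BinHex and StuffIt payloads, which carry the same type and creator codes.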

Trojan Horse in Finder
This made me think. Anti-virus apps on the Mac aren’t big business, so what is the best marketing trick money can buy? Yes: make a Trojan Horse and tell the world about it, and at the same time claim that you have the solution. Such a move is guaranteed to sell some packages. Best of all, they’re going to get some serious exposure with this, because the PC media is going to have a field day with this news and all sorts of lies are going to be told, just like all those doom stories about Apple going under in past years.

So what does Symantec (the leader in anti-virus software) have to say about this?
Symantec Corp. said they were aware of the Trojan, but noted that the virus has not been found in the “wild.”

“Symantec Security Response is aware of the MP3Virus.Gen Trojan,” a spokesperson from Symantec Security Response said. “It is a proof of concept Trojan that does affect the Mac platform, however it is currently not present in the wild. Symantec Security Response will continue to closely monitor this and any other potential threats to the Mac OS X platform.”

So, let’s recap: this Trojan Horse has the potential to do bad things, but as of this moment IT DOESN’T! Personally, I am going to trust Apple on this one, as they have a good track record in dealing with security vulnerabilities.



1. Alex, Fri Apr 9, 2004 at 02.46 am

Intego is blowing this out of proportion to sell their products and should be punished for their utter lack of ethics, and stupidity.


2. Tomas, Fri Apr 9, 2004 at 05.45 am

Hmm, is this news to anybody? I mean, everybody knows that the file extension doesn’t dictate the file type on a Mac, right? And, of course, the maker of a program can decide what type of icon the program should have. So, obviously, any program can be made to disguise itself as any innocent looking data file… Or am I missing something?


3. Geert, Fri Apr 9, 2004 at 06.02 am

Indeed, sounds like a marketing stunt. Intego claims:

“The Trojan horse’s code is encapsulated in the ID3 tag of an MP3”

This is a lie, because it is an executable in the resource fork. As Veerle said, such a thing doesn’t survive on the Internet unless it is stuffed.

This will blow up in their faces, you’ll see!


4. Jeff Minard, Fri Apr 9, 2004 at 11.54 am

Yeah, in addition to this being stupid, it’s been around forever.

Even back in OS 9 you could name the file myVirus.mp3 and simply change the type to appl. Slap an icon on there to make it look like an MP3, and yer done.

As such, making this kind of virus has been around for, oh say, 10 years now. However, I’ve never seen anyone exploit it.

I wouldn’t be worried. And I wouldn’t buy their “protection”.


5. ziepe, Sat Apr 10, 2004 at 04.16 am

As Jeff states: “As such, making this kind of virus has been around for, oh say, 10 years now.” It’s true. In ’94 I bought the book “ResEdit Complete” by Peter Alley and Carolyn Strange, explaining everything ’bout the resource fork in Mac files; perhaps those guys got a copy of this book recently? :-)

I must admit it’s nice to fiddle around in the resource fork but a damn shame that people take advantage of the (seemingly) unknowing masses…

Ziepe


