First malware for OS X?
04/09/2004 04:04 PM

One of the selling points of OS X has been, to date, the lack of any viruses, worms, or Trojan horses. Intego reports that it has identified a Trojan horse called MP3Concept.

Mac OS X displays the icon of the MP3 file, with an .mp3 extension, rather than showing the file as an application, leading users to believe that they can double-click the file to listen to it. But double clicking the file launches the hidden code, which can damage or delete files on computers running Mac OS X, then iTunes to play the music contained in the file, to make users think that it is really an MP3 file. While the first versions of this Trojan horse that Intego has isolated are benign, this technique opens the door to more serious risks.

Meeroh sez:
The Mac OS X mp3 trojan is being blown completely out of proportion.
Quick review of facts so far:
1. It was pointed out in a Usenet thread that it is possible to
embed arbitrary data in an mp3
2. It was subsequently suggested that the arbitrary data could be
executable
3. An enterprising developer proceeded to then create a file which to
any mp3 player will appear as an mp3 file, but the Mac OS X Finder
sees it as an application
4. An anti-virus vendor published advertising for their product saying
that it has a cure for this form of Trojan.
Some other relevant points:
1. This has little to do with Mac OS X vs. Mac OS 9. The exact same
file will do the exact same thing on Mac OS 9 -- be playable by mp3
players, and act as an application
2. This has little to do with Mac OS X using extensions to identify
file types. The icon shown by the Finder could be embedded in the file
itself, in which case the file would look like an mp3 file regardless
of its name.
3. This trick requires using the resource fork, and therefore the file
has to be transmitted encoded. Any mp3 file that is transferred as a
plain binary file (as opposed to a Mac binary file, with the resource
fork), is harmless.
4. The fact that the file can be played in an mp3 player is
irrelevant; if the trojan were malicious, the user would be doomed
after double-clicking on it regardless of whether the file is a valid
audio file.
To summarize, a Mac application can have any icon or name
whatsoever, including a name and an icon that make it look like a
document. Exactly what happens when you receive such an application
(in email or by downloading it in your browser) depends on your
settings, but I am not aware of any case in which it will be
automatically launched.
Therefore, to activate this Trojan you have to either receive a
Mac-encoded attachment and double-click on it in the Finder, or you
have to download a Mac-encoded file (which is then usually decoded
to your desktop) and double-click it in the Finder.
The only reason that this is news is that a vendor of anti-virus
software took it as an opportunity to generate some advertising, as
far as I can tell.
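An added example, not part of the original entry or of Meeroh's comments: a Python check a mail or download filter could run, based on the point above that the trick only survives a Mac-encoded transfer. It assumes the encoding is MacBinary and that the application marking is the classic 'APPL' type code; the extension list, function names and sample bytes are constructed for illustration.

```python
import struct

# Extensions that suggest a document or media file rather than a program (assumed list).
DOCUMENT_EXTS = (".mp3", ".jpg", ".gif", ".pdf", ".txt", ".mov")

def _padded(n):
    """MacBinary stores each fork padded to a multiple of 128 bytes."""
    return (n + 127) // 128 * 128

def parse_macbinary_header(blob):
    """Return header fields if blob starts with a plausible MacBinary header, else None."""
    if len(blob) < 128:
        return None
    hdr = blob[:128]
    name_len = hdr[1]
    # Bytes 0, 74 and 82 must be zero; the name is a 1-63 byte Pascal string.
    if hdr[0] != 0 or hdr[74] != 0 or hdr[82] != 0 or not 1 <= name_len <= 63:
        return None
    data_len, rsrc_len = struct.unpack(">II", hdr[83:91])
    if 128 + _padded(data_len) + _padded(rsrc_len) > len(blob):
        return None  # fork lengths do not fit: not a MacBinary container
    return {
        "name": hdr[2:2 + name_len].decode("mac_roman"),
        "type": hdr[65:69],       # four-character file type code
        "creator": hdr[69:73],    # four-character creator code
        "data_len": data_len,
        "rsrc_len": rsrc_len,
    }

def looks_like_disguised_app(blob):
    """True when a Mac-encoded file is typed as an application but named like a document."""
    fields = parse_macbinary_header(blob)
    if fields is None:
        return False  # plain binary: no type code or resource fork travels with it
    name = fields["name"].lower()
    return (fields["type"] == b"APPL" and fields["rsrc_len"] > 0
            and name.endswith(DOCUMENT_EXTS))

def build_sample(name, ftype, creator, data, rsrc):
    """Build a constructed MacBinary blob (test input only, no real payload)."""
    hdr = bytearray(128)
    raw_name = name.encode("mac_roman")
    hdr[1] = len(raw_name)
    hdr[2:2 + len(raw_name)] = raw_name
    hdr[65:69], hdr[69:73] = ftype, creator
    hdr[83:91] = struct.pack(">II", len(data), len(rsrc))
    return bytes(hdr) + data.ljust(_padded(len(data)), b"\0") \
        + rsrc.ljust(_padded(len(rsrc)), b"\0")
```

The check only applies to files that arrive still encoded; once a file has been decoded to disk, the type code and resource fork have to be read from the file system instead.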