Log in

View Full Version : OSX Trojan On The Loose


Kent Pribbernow
04-08-2004, 10:30 PM
<div class='os_post_top_link'><a href='http://maccentral.macworld.com/news/2004/04/08/trojan/' target='_blank'>http://maccentral.macworld.com/news/2004/04/08/trojan/</a><br /><br /></div><img src="http://www.digitalmediathoughts.com/images/apple_virus.jpg" />Well this should finally put the myth of OSX security to rest. The very first (and likely not the last) major Trojan horse has made its public debut on the Mac platform. <br /><br />"Intego told MacCentral today that the code is hidden in the ID3 tag of the MP3 file. The code will only activate when clicked, but once it is, Intego warns the Trojan horse has the potential to delete all of a user's personal files; send an e-mail message containing a copy of itself to other users; and infect other MP3, JPEG, GIF or QuickTime files.<br /><br />Intego also said that the same technique could be used to infect .jpg or .gif files, although no such cases have been found. Intego has released updated virus definitions to combat the Trojan horse."<br /><br />What's this? You mean Windows isn't the only platform with security issues? I am shocked! :roll:

entropy1980
04-08-2004, 10:46 PM
http://groups.google.com/groups?hl=en&lr=&ie=UTF-8&oe=UTF-8&safe=off&frame=right&th=631707378ffe9292&seekm=blgl-5D750C.02150821032004%40news.bahnhof.se#link6

It appears that this is merely a proof of concept virus, it is utterly benign. It was not made with any malicious intent, but to demonstrate one way that OS X could be exploited.
Intego got wind of it and blew it out of proportion, but I suppose it is theoretically possible that future viruses could be modeled on it. However I'm sure that Apple could, even more quickly, release a security update that fixes this.

Kent Pribbernow
04-08-2004, 11:17 PM
Oh I have no doubt this story is being grossly blown out of proportion, but I just thought it was rather humorous considering all the ignorant comments I've read from within the Mac community at how "bulletproof" OSX security is.

I've said this many times before, and I'll repeat it again. So long as code is written by human hands there will always be flaws in software. That's a fact, not an opinion. If you wish to live inside a bubble of ignorance, believing your platform is "secure" simply because few exploits have occurred, then you deserve to suffer the consequences.

entropy1980
04-08-2004, 11:28 PM
I just thought it was rather humorous considering all the ignorant comments I've read from within the Mac community at how "bulletproof" OSX security is.

True but still in 3 years OS X has had only what 1 virus? Not a bad track record. One thing to keep in mind is OS X was built on UNIX which has always been a Network OS, so security is inherent in it. Windows security was an afterthought (ok NT was supposed to be an answer as was 2000 and now XP) but none the less security wasn't a priority. Things like the fact to install anything you have to type your admin password and having ports closed by default make OS X a much tougher cookie to crack out of the box. Windows on the other hand is like donut in Homer Simpson's kitchen just asking to be eaten alive.... hopefully Service Pack 2 will alleviate some of the problems XP has had with security. In the end I don't think it's as much as code exploits as dumb end users most exploits wouldn't be a problem if people just didn't open unknown attachments or unexpected ones anyway!

ctmagnus
04-09-2004, 12:47 AM
I've said it before and I'll say it again: If it can be created by humans, it can be hacked/cracked/destroyed by humans.

Anyone want to the next MS OS to be written by an elephant?

foldedspace
04-09-2004, 03:55 AM
Hackers are lazy and like computers they can tinker with. Therefore they write malicious code to affect the largest number of computers on a platform they themselves like to use. I like Macs alright, but what's the point of writing a virus/worm/trojan that will only affect 10 percent of the computers out there?

Spyware, on the other hand, seems to install just fine on a Mac...ick.

Gary Sheynkman
04-09-2004, 04:14 AM
Im actually glad this happened because Jobs way saying to the hacking world: "please bother to make a virus for our small user base!"

Kent Pribbernow
04-09-2004, 05:30 AM
Well my hope is this will infuse a sobering dose of reality into the Mac community, perhaps open a few eyes. The comments and claims I've heard in the past are frankly nauseating. One Mac user told me that he didn't believe an OSX virus were possible because, if it were, we would have seen one by now. Brilliant logic. Yeah, I'll never have a heart attack in my life because it would have happened by now. Yeesh. :roll:

Another person likewise claimed this was equally impossible because, virus writers would have fallen over themselves to be the very first person to write an OSX virus, which would bring them lots of fame. In his own words..."I don't think it can be done".

Such stupidity is dangerous. :pukeface:

Zack Mahdavi
04-09-2004, 05:44 AM
Yeah, OS X definitely isn't secure-proof....

Mr. MacinTiger
04-09-2004, 02:18 PM
Well, this is dangerously close to turning into a Win vs. Mac thread, which I really want to steer clear of in the interests of community wellness :P and because threads like that take place all over the net daily to no ultimate purpose.

That said though...
Kent you are right in theory...We all know that any OS that is coded by human hands can be hacked. And yes, we all know that OS X falls under that as well.
HOWEVER, it seems like on a daily baisis in the office on our Win 2000 machines we are getting hammered by Word and email viruses. Norton is kept VERY busy and trojans and viruses have gotten past it several times resulting in files lost, system downtime, and money for the IT guys we have to hire to bring everything back online. You have to read your email with a VERY cautious and discerning eye, even with Norton running.

At home, I have NEVER had that problem on my Mac...NEVER. That's my reality...Now, am I bulletproof? Nope and I know that, but for myself and millions of other Mac users the hassles of viruses and Trojans, etc. are not something we have to deal with on a day to day basis. Thus far anyway...

foldedspace
04-09-2004, 04:04 PM
I think the point is that Macs don't get infected because nobody bothers to write viruses for them. It has nothing to do with OSX being bulletproof. If Apple had 90 percent of the market, then they would be the ones having to issue security patches every month, and the Windows community would be bragging about the impenetrable nature of PC's.

If I lived in the middle of the woods in Montana, I could also brag all day about how I never had to deal with door to door salesmen.

Mr. MacinTiger
04-09-2004, 07:04 PM
Apple responds to Trojan Horse Advisory

By Jim Dalrymple [email protected]

April 09, 2004 12:35 pm ET
Apple Computer Inc. responded on Friday to an advisory issued by security software-maker Intego on Thursday. Apple said they were aware of the issue outlined by Intego and that they were investigating.

"We are aware of the potential issue identified by Intego and are working proactively to investigate it," said Apple in a statement given to MacCentral. "While no operating system can be completely secure from all threats, Apple has an excellent track record of identifying and rapidly correcting potential vulnerabilities."

In the advisory issued yesterday, Intego said a Trojan horse called MP3Concept (MP3Virus.Gen), exploits a weakness in Mac OS X where applications can appear to be other types of files, according to the company.

Late last night, Symantec Corp. said they were also aware of the Trojan, but noted that the virus has not been found in the "wild."

"Symantec Security Response is aware of the MP3Virus.Gen Trojan," a spokesperson from Symantec Security Response, told MacCentral. "It is a proof of concept Trojan that does affect the Mac platform, however it is currently not present in the wild. Symantec Security Response will continue to closely monitor this and any other potential threats to the Mac OS X platform."

mrkablooey
04-10-2004, 02:22 AM
You can definitely rest easier owning a Mac when it comes to these sorts of things, though I guess it only takes a few to start the ball rolling. There's certainly an abundance of issues dealing with security on the PC platform that the Mac doesn't experience. Guess it's all just a matter of time, but we'll see how it plays out. :)

Janak Parekh
04-10-2004, 03:34 AM
One thing to keep in mind is OS X was built on UNIX which has always been a Network OS, so security is inherent in it.
Not entirely true. UNIX is secure nowadays because it's had years to evolve. The first Internet Worm was done on UNIX boxes, back in the days when they were extremely insecure.

hopefully Service Pack 2 will alleviate some of the problems XP has had with security.
From what I've seen, the answer is virtually an unmitigated yes. It's quite impressive. It's the first time I've been able to applaud Microsoft outright for putting security truly first.

--janak

entropy1980
04-10-2004, 12:48 PM
One thing to keep in mind is OS X was built on UNIX which has always been a Network OS, so security is inherent in it.
Not entirely true. UNIX is secure nowadays because it's had years to evolve. The first Internet Worm was done on UNIX boxes, back in the days when they were extremely insecure.


Yes it has had years to evolve but it was and always has been a network OS so security has always important where as a with windows there hasn't needed to necesarrily been a focus as it was developed with the thought in mind. Of course when you've been around since the 60's like Unix your going to have a a little head start on security and there's no denying it however, like I said it's a non-issue anyway because bonehead endusers will always trump security.

BTW

http://www.wired.com/news/mac/0,2125,63000,00.html?tw=newsletter_topstories_html

Kind of sums things up....

Mr. MacinTiger
04-10-2004, 09:36 PM
http://www.boingboing.net/2004/04/08/first_malware_for_os.html
Check it out...good breakdown of the problem.

James Fee
04-11-2004, 05:24 AM
Another good article on the "Trojan" here too...

http://arstechnica.com/news/posts/1081623266.html

Again, the press proves that it doesn't research anything until a couple days after the first articles go out.

Filip Norrgard
04-13-2004, 02:20 PM
F-Secure has a nicer report on the Mac OS X "trojan":After years of silence, things are happening on the Macintosh platform. A new trojan known as MP3Concept was found recently. This is not a virus, and it has not been seen in the wild, ie. IT'S NOT SPREADING AND INFECTING MACINTOSHES. We're talking about a proof-of-concept example...but an interesting one; partly because it's on a Mac, partly because it's an MP3 file.
http://www.f-secure.com/weblog/

It also gives some nice background to the Macs and viruses, etc.