Posted on 04/08/2004 12:52:52 PM PDT by HAL9000
Edited on 04/29/2004 2:04:11 AM PDT by Jim Robinson.
Intego today said it released updated virus definitions for Intego VirusBarrier to protect Mac users against the first Trojan horse that affects Mac OS X. This Trojan horse, MP3Concept (MP3Virus.Gen), exploits a weakness in Mac OS X where applications can appear to be other types of files: "The Trojan horse's code is encapsulated in the ID3 tag of an MP3 (digital music) file. This code is in reality a hidden application that can run on any Macintosh computer running Mac OS X." Intego says the malicious application can delete files, propagate itself by sending a message to other users, and also infect other MP3, JPEG, GIF or QuickTime files.
(Excerpt) Read more at macnn.com ...
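A defensive check for the pattern the excerpt describes (application code carried inside an MP3's ID3 tag), given here as an added example that is not part of the original thread or of Intego's product: it parses the ID3v2 header and scans only the tag region for executable file signatures. The signature list, the function names and the sample bytes are assumptions constructed for illustration.

```python
import struct

# Executable signatures to look for (chosen for this example, not taken from the article).
EXEC_MAGICS = {
    b"Joy!peff": "PEF (classic Mac OS / Carbon CFM executable)",
    b"\xfe\xed\xfa\xce": "Mach-O 32-bit (big-endian)",
    b"\xce\xfa\xed\xfe": "Mach-O 32-bit (little-endian)",
    b"\xfe\xed\xfa\xcf": "Mach-O 64-bit (big-endian)",
    b"\xcf\xfa\xed\xfe": "Mach-O 64-bit (little-endian)",
    b"\xca\xfe\xba\xbe": "Mach-O universal (fat) binary",
}

def id3v2_tag_body(data):
    """Return the ID3v2 tag body at the start of data, or None if absent or malformed."""
    if len(data) < 10 or data[:3] != b"ID3":
        return None
    size_bytes = data[6:10]
    if any(b & 0x80 for b in size_bytes):  # synchsafe size bytes never set the top bit
        return None
    size = 0
    for b in size_bytes:
        size = (size << 7) | b             # 4 x 7 bits, most significant first
    return data[10:10 + size]              # a truncated file simply yields a short body

def scan_id3_for_executables(data):
    """Return sorted (file_offset, description) pairs for signatures inside the tag."""
    body = id3v2_tag_body(data)
    if body is None:
        return []
    hits = [(10 + body.find(m), label) for m, label in EXEC_MAGICS.items() if m in body]
    return sorted(hits)

def make_tag(payload):
    """Wrap payload in an ID3v2.3 header (helper for the constructed samples only)."""
    n = len(payload)
    size = bytes([(n >> 21) & 0x7F, (n >> 14) & 0x7F, (n >> 7) & 0x7F, n & 0x7F])
    return b"ID3\x03\x00\x00" + size + payload

# Constructed, inert samples: a normal title frame, and a frame holding only a PEF header stub.
AUDIO = b"\xff\xfb\x90\x00" * 4
BENIGN = make_tag(b"TIT2" + struct.pack(">I", 6) + b"\x00\x00" + b"\x00Song!") + AUDIO
STUB = b"example\x00" + b"Joy!peff" + b"pwpc" + b"\x00" * 8
SUSPECT = make_tag(b"PRIV" + struct.pack(">I", len(STUB)) + b"\x00\x00" + STUB) + AUDIO

if __name__ == "__main__":
    for name, blob in (("benign", BENIGN), ("suspect", SUSPECT)):
        print(name, scan_id3_for_executables(blob))
```

A hit is only a reason to inspect the file further; tags written with the ID3v2 unsynchronisation flag would need decoding before scanning, which this example does not do.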
That's not going to help if I actually want to do something with sudo. :) It'll have to open a terminal first though.
Anyway, let's just sit back and see 1) what percentage of Macs get infected and what degree of harm is done, and 2) see how long it takes for a fix. With the critical IE bug released today it would be nice to see the race.
Oops. No daemons for you. Guess they won't be installing a virus scanner that could catch this sort of thing. Or patching their system once a fix is available. Or doing anything else that requires root privs to accomplish.
Don't blink - you might miss it.
In any case, this little bug takes care of the first half of breaking your system - surreptitiously running my code on your box. From there, I can try to social-engineer my way into rooting everything, or I can try to exploit other holes into rooting everything. Or I can not bother and just wipe out everything in your home directory, which, as someone else pointed out above, is where you keep everything valuable to you anyway. The guy who gets his dissertation erased the week before he was set to hand it in is likely not going to be comforted by the fact that his box wasn't rooted. :^)
It's definitely serious, but it does require a bit more work to get on your system than someone reading an email or visiting a web site, or just being on the net period.
I wonder if this is going to be handled by Apple as a virus issue ("update your antivirus") or if they'll fix the bit that allows the program to appear as an innocent file. I don't always trust Apple to do the right thing.
Everybody missed this line.