Mac OS X Attacked by Trojan Horse
Mac users are used to feeling safe as their Windows-based brethren scramble to address security flaws. Now a security firm has discovered what may be the first Trojan horse created to attack Mac OS X.
Called "MP3Virus.gen" or "MP3Concept," the Trojan horse appears to be a typical MP3 file. It is coded into the ID tags of the audio file and activates when users click on it to play the music.
The Trojan horse was discovered by Intego, a Mac security and privacy firm. According to security firm Symantec, MP3Concept has not yet been found in the wild. That is, Symantec acknowledged that the vulnerability is real, but the company has not yet found it circulating around the Internet.
But Intego CEO Laurent Marteau told NewsFactor that his company received a report of the Trojan Horse from a Mac user on April 6th.
Benign Code?
The MP3Concept code so far appears to be benign, doing no damage to a user's system. But "we're not sure about that," said Marteau. "The code is small but very hard to analyze." The one thing he is sure of is that the code does not contain a command to delete user's files, he said.
MP3Concept, if activated, accesses files in the System folder. It has the potential to be modified to delete files or spread by mailing itself to addresses found in the user's address list, according to Intego.
The Trojan horse also can appear to be other multimedia files, such as GIFs, JPGs, and QuickTime MOV files.
The MP3Concept is activated only if a user clicks on an infected file in the Finder. If that same file is played from within a music player, such as iTunes, the virus does not activate. In either case, the user may not be aware of the virus: Whether it goes into action or not, the file plays the audio normally.
Intego announced MP3Concept's existence on Thursday, but based on the virus's source code, it has been on the Internet since March 20th. "In the next few days, I imagine Apple will probably make fix for the OS," Marteau said. A fix for the Trojan Horse is included in Intego's OS X security product.
