This is an article at Cnet.com News regarding a French security company finding a flaw in MacOS X which could leave Macs open to virus attacks.
Mac OS X displays the icon of the MP3 file, with an .mp3 extension, rather than showing the file as an application, leading users to believe that they can double-click the file to listen to it. But double clicking the file launches the hidden code, which can damage or delete files on computers running Mac OS X, then iTunes to play the music contained in the file, to make users think that it is really an MP3 file . While the first versions of this Trojan horse that Intego has isolated are benign, this technique opens the door to more serious risks.
MacMerc wrote:Yesterday Intego issued a security alert which was little more than a software update announcement thickly veiled as a virus warning. Intego had just released updated virus definitions for VirusBarrier that protected Mac users against a conceptual Trojan horse that could theoretically affect Mac OS X. The Trojan horse, named MP3Concept (MP3Virus.Gen), would exploit a weakness in Mac OS X where applications can appear to be other types of files. The code would be encapsulated in the ID3 tag of an MP3 file but in reality would be a hidden application that could run on any Mac running Mac OS X.
This seems to have been just a clever ploy to sell copies of VirusBarrier, but if any reader has actually found a Mac infected with this Trojan, please comment below.
Intego claims this Trojan horse has the potential to do any of the following:But as Apple-X.net rightly points out, "This alert seems to be blown out of proportion. The only working code seems to be just a CONCEPT trojan for Mac OS X (especially since "concept" appears in the trojan's name). A Google groups thread has an actual working trojan that does not harm your computer, but just illustrates the 'vulnerability'."
- Delete all of a user's personal files
- Send an e-mail message containing a copy of itself to other users
- Infect other MP3, JPEG, GIF or QuickTime files
Registered users: Google [Bot]