Welcome!

By registering with us, you'll be able to discuss, share and private message with other members of our community.

  1. Welcome to the 12ozProphet Forum...
    You are currently logged out and viewing our forum as a guest which only allows limited access to our discussions, photos and other forum features. If you are a 12ozProphet Member please login to get the full experience.

    If you are not a 12ozProphet Member, please take a moment to register to gain full access to our website and all of its features. As a 12ozProphet Member you will be able to post comments, start discussions, communicate privately with other members and access members-only content. Registration is fast, simple and free, so join today and be a part of the largest and longest running Graffiti, Art, Style & Culture forum online.

    Please note, if you are a 12ozProphet Member and are locked out of your account, you can recover your account using the 'lost password' link in the login form. If you no longer have access to the email you registered with, please email us at [email protected] and we'll help you recover your account. Welcome to the 12ozProphet Forum (and don't forget to follow @12ozprophet in Instagram)!

ATTN MAC OS 10 users - Security Alert (NO JOKE)

Discussion in 'Channel Zero' started by DITDxCULT, Apr 12, 2004.

  1. DITDxCULT

    DITDxCULT Senior Member

    Joined: Dec 13, 2001 Messages: 1,192 Likes Received: 0
    I heard this on Air America Radio this morning and am still trying to find out more information on it. I don't know if it is a marketing sceme or what -- I'll post more info as I find it.

    _________________________________________-
    http://www.intego.com/home.asp

    INTEGO SECURITY ALERT

    Intego Announces Protection against the First Mac OS X Trojan Horse: MP3Concept


    April 8, 2004 – Intego, the Macintosh security specialist, has just released updated virus definitions for Intego VirusBarrier to protect Mac users against the first Trojan horse that affects Mac OS X. This Trojan horse, MP3Concept (MP3Virus.Gen), exploits a weakness in Mac OS X where applications can appear to be other types of files.

    The Trojan horse's code is encapsulated in the ID3 tag of an MP3 (digital music) file. This code is in reality a hidden application that can run on any Macintosh computer running Mac OS X.

    Mac OS X displays the icon of the MP3 file, with an .mp3 extension, rather than showing the file as an application, leading users to believe that they can double-click the file to listen to it. But double clicking the file launches the hidden code, which can damage or delete files on computers running Mac OS X, then iTunes to play the music contained in the file, to make users think that it is really an MP3 file . While the first versions of this Trojan horse that Intego has isolated are benign, this technique opens the door to more serious risks.


    This Trojan horse has the potential to do any of the following:
    - Delete all of a user's personal files
    - Send an e-mail message containing a copy of itself to other users
    - Infect other MP3, JPEG, GIF or QuickTime files

    Due to the use of this technique, users can no longer safely double-click MP3 files in Mac OS X. This same technique could be used with JPEG and GIF files, though no such cases of infected graphic files have yet been seen.

    Intego VirusBarrier eradicates this Trojan horse, and Intego remains diligent to ensure that VirusBarrier will also eradicate any future viruses that may try to exploit this same technique. All Intego VirusBarrier users should make sure that their virus definitions are up to date by using the NetUpdate preference pane in the Mac OS X System Preferences.
     
  2. DITDxCULT

    DITDxCULT Senior Member

    Joined: Dec 13, 2001 Messages: 1,192 Likes Received: 0
    MORE INFO -----

    http://www.wired.com/news/mac/0,2125,63000,00.html

    On Thursday, Intego issued a press release saying it had found OS X's first Trojan Horse, a piece of malware called MP3Concept or MP3Virus.Gen that appears to be an MP3 file. If double-clicked and launched in the Finder, the Trojan accesses certain system files, the company claimed.

    While Intego said the Trojan was benign, it said future versions could be authored to delete files or hijack infected machines. In the release, and in subsequent telephone interviews, Intego was vague about the purported Trojan's workings and its origins.

    On Friday, Mac programmers and security experts accused the company of exaggerating the threat to sell its security software.

    "They gave the impression that this is a threat, but it isn't," said Dave Schroeder, a systems engineer with the University of Wisconsin. "It is a benign proof of concept that was posted to a newsgroup. It isn't in the wild, and can't be spread in the wild. It's a non-issue."

    "They are spreading FUD to sell their software," said Ryan Kaldari, a programmer from Nashville, Tennessee, referring to the shorthand for fear, uncertainty and doubt.

    Rob Rosenberger of Vmyths said he'd seen virus hype many, many times, and if antivirus companies put out alarmist press releases, it's for one of two reasons: "Either they're delusional or they're trying to own the hysteria," he said. "This has been going on for 16 years now."

    Rachel Keiserman, a tech-support person at Intego, denied on Friday that her company exaggerated the threat or was attempting a publicity stunt. "It's not a hoax or anything like that." She declined to comment further and pointed to a press release listing questions and answers, which defended the company's decision to classify the issue as a threat.

    "While the first versions of this Trojan Horse that Intego has isolated are benign, this technique opens the door to more serious risks," the company said. "The exploit that it uses is both insidious and dangerous, and it is our duty as a vendor of Macintosh security solutions to protect our users. We don't believe in waiting until the damage occurs, unlike some of our competitors."

    Technically, the threat isn't a Trojan Horse by the standard definition: It isn't a working piece of malicious code and can't easily be spread to other computers, experts said. Instead, it is a demonstration of a possible threat.

    "We're talking about theoreticals here," said Schroeder. "It is possible for OS X to be infested with Trojans, viruses and security issues, but until it is, they aren't justified in raising the alarm."

    The demonstration contains a real MP3 file of someone laughing. When launched in jukebox software like iTunes, the MP3 file plays and nothing else happens. But if double-clicked in the Finder, the MP3 file plays and a warning is displayed.

    The program can't be spread by e-mail or through a file-sharing network unless it is compressed using software like Aladdin's Stuffit. Failing to compress the MP3 file before sending it renders the software inoperative.

    The program exploits a vulnerability that goes back to the original Mac operating system: The system allows programs to appear as a file. Programs can have any icons, names or file extension. In other words, users could be tricked into activating a malicious program, thinking they were opening a document, picture or song.

    The vulnerability was exploited several times by Trojans authored for previous versions of the Mac OS.

    Mac programmer Bo Lindbergh wrote the threat demonstration and posted a link on the comp.sys.mac.programmer.misc newsgroup on March 20. The link leads to a site in Sweden. The file has now been removed. Lindbergh didn't respond to an e-mail requesting comment.

    Symantec on Friday said it was aware of the software. "It is a proof-of-concept Trojan that does affect the Mac platform; however, it is currently not present in the wild," the company said in a statement. It said it would continue to monitor the situation.

    Likewise, Apple spokeswoman Natalie Sequeira said the company was investigating. "We are aware of the potential issue identified by Intego and are working proactively to investigate it," she said.
     
  3. Jackson

    Jackson Veteran Member

    Joined: May 21, 2002 Messages: 7,345 Likes Received: 122
    CUNTS!
    I hate virii.
     
  4. seeking

    seeking Dirty Dozen Crew

    Joined: May 25, 2000 Messages: 32,277 Likes Received: 234
    apparently you didnt hear the caller later on in the show, who pretty accuratly summed it up as hype. also, this was discussed on here a few days ago. yes, the virus exists, but it's very, very difficult to get transmitted to your computer and do any damage. i dont remember why, but you basically have to run it knowing that you're trying to run it. the virus started on a newsgroup, as a programmers 'bet' to see if they could make one, and they did, but it's not a virus in the traditional sense that pc virus' are.
    basically, don't worry about it. mac is already working on a fix for it, but either way, the chances of you jerking off to midget porn and blowing your wad into your processor are more likely than getting the virus.
     
  5. DITDxCULT

    DITDxCULT Senior Member

    Joined: Dec 13, 2001 Messages: 1,192 Likes Received: 0
    I did hear the follow up caller, who gave the link to wired news. Hence - why I posted a follow up.

    Sorry for doubling up on topics. I didn't see it on any of the other pages.
     
  6. seeking

    seeking Dirty Dozen Crew

    Joined: May 25, 2000 Messages: 32,277 Likes Received: 234
    no sweat, i was more just saying that so you could pull it up if you wanted to read what we'd posted.
     
  7. DITDxCULT

    DITDxCULT Senior Member

    Joined: Dec 13, 2001 Messages: 1,192 Likes Received: 0
    I'll check it out -- go ahead and delete this thread if you want.
     
  8. gfreshsushi

    gfreshsushi Senior Member

    Joined: Sep 21, 2003 Messages: 2,244 Likes Received: 1
  9. j

    j Guest

    OS X Trojan Horse Is a Nag_
    By Leander Kahney



    Story location: http://www.wired.com/news/mac/0,2125,63000,00.html


    12:44 PM Apr. 09, 2004 PT


    (Editor's note: This story corrects an earlier report that stated that the Macintosh operating system had become a target of a malicious Trojan Horse.)


    Security experts on Friday slammed security firm Intego for exaggerating the threat of what the company identified as the first Trojan for Mac OS X.




    On Thursday, Intego issued a press release saying it had found OS X's first Trojan Horse, a piece of malware called MP3Concept or MP3Virus.Gen that appears to be an MP3 file. If double-clicked and launched in the Finder, the Trojan accesses certain system files, the company claimed.


    While Intego said the Trojan was benign, it said future versions could be authored to delete files or hijack infected machines. In the release, and in subsequent telephone interviews, Intego was vague about the purported Trojan's workings and its origins.


    On Friday, Mac programmers and security experts accused the company of exaggerating the threat to sell its security software.


    "They gave the impression that this is a threat, but it isn't," said Dave Schroeder, a systems engineer with the University of Wisconsin. "It is a benign proof of concept that was posted to a newsgroup. It isn't in the wild, and can't be spread in the wild. It's a non-issue."


    "They are spreading FUD to sell their software," said Ryan Kaldari, a programmer from Nashville, Tennessee, referring to the shorthand for fear, uncertainty and doubt.


    Rob Rosenberger of Vmyths said he'd seen virus hype many, many times, and if antivirus companies put out alarmist press releases, it's for one of two reasons: "Either they're delusional or they're trying to own the hysteria," he said. "This has been going on for 16 years now."


    Rachel Keiserman, a tech-support person at Intego, denied on Friday that her company exaggerated the threat or was attempting a publicity stunt. "It's not a hoax or anything like that." She declined to comment further and pointed to a press release listing questions and answers, which defended the company's decision to classify the issue as a threat.


    "While the first versions of this Trojan Horse that Intego has isolated are benign, this technique opens the door to more serious risks," the company said. "The exploit that it uses is both insidious and dangerous, and it is our duty as a vendor of Macintosh security solutions to protect our users. We don't believe in waiting until the damage occurs, unlike some of our competitors."


    Technically, the threat isn't a Trojan Horse by the standard definition: It isn't a working piece of malicious code and can't easily be spread to other computers, experts said. Instead, it is a demonstration of a possible threat.


    "We're talking about theoreticals here," said Schroeder. "It is possible for OS X to be infested with Trojans, viruses and security issues, but until it is, they aren't justified in raising the alarm."


    The demonstration contains a real MP3 file of someone laughing. When launched in jukebox software like iTunes, the MP3 file plays and nothing else happens. But if double-clicked in the Finder, the MP3 file plays and a warning is displayed.


    The program can't be spread by e-mail or through a file-sharing network unless it is compressed using software like Aladdin's Stuffit. Failing to compress the MP3 file before sending it renders the software inoperative.


    The program exploits a vulnerability that goes back to the original Mac operating system: The system allows programs to appear as a file. Programs can have any icons, names or file extension. In other words, users could be tricked into activating a malicious program, thinking they were opening a document, picture or song.


    The vulnerability was exploited several times by Trojans authored for previous versions of the Mac OS.


    Mac programmer Bo Lindbergh wrote the threat demonstration and posted a link on the comp.sys.mac.programmer.misc newsgroup on March 20. The link leads to a site in Sweden. The file has now been removed. Lindbergh didn't respond to an e-mail requesting comment.


    Symantec on Friday said it was aware of the software. "It is a proof-of-concept Trojan that does affect the Mac platform; however, it is currently not present in the wild," the company said in a statement. It said it would continue to monitor the situation.


    Likewise, Apple spokeswoman Natalie Sequeira said the company was investigating. "We are aware of the potential issue identified by Intego and are working proactively to investigate it," she said.
     
Top