PSA ________first MAC mp3 VIRUS..... be warned.

Discussion in 'Channel Zero' started by heavyLox, Apr 9, 2004.

  1. heavyLox

    heavyLox Veteran Member

    Joined: Feb 2, 2002 Messages: 7,196 Likes Received: 17
    PSA _____first MAC mp3 VIRUS..... be warned.

    From http://www.macintouch.com/

    [14:40 EDT] Intego reports a nasty Trojan horse that runs on Mac OS X:
    Intego, the Macintosh security specialist, has just released updated
    virus definitions for Intego VirusBarrier to protect Mac users against
    the first Trojan horse that affects Mac OS X. This Trojan horse,
    MP3Concept (MP3Virus.Gen), exploits a weakness in Mac OS X where
    applications can appear to be other types of files.
    The Trojan horse's code is encapsulated in the ID3 tag of an MP3
    (digital music) file. This code is in reality a hidden application that
    can run on any Macintosh computer running Mac OS X.
    Mac OS X displays the icon of the MP3 file, with an .mp3 extension,
    rather than showing the file as an application, leading users to
    believe that they can double-click the file to listen to it. But double
    clicking the file launches the hidden code, which can damage or delete
    files on computers running Mac OS X, then iTunes to play the music
    contained in the file, to make users think that it is really an MP3
    file. While the first versions of this Trojan horse that Intego has
    isolated are benign, this technique opens the door to more serious
    This Trojan horse has the potential to do any of the following:
    • Delete all of a user's personal files
    • Send an e-mail message containing a copy of itself to other users
    • Infect other MP3, JPEG, GIF or QuickTime files
    Due to the use of this technique, users can no longer safely
    double-click MP3 files in Mac OS X. This same technique could be used
    with JPEG and GIF files, though no such cases of infected graphic files
    have yet been seen.
  2. j

    j Guest

    I call bullshit.

    Edit: Maybe I should rephrase that. What I meant to say was it's going to be hard to pick this one up on your mac.. the executable code is located in the resource fork of the file, which will only stay intact in a file downloaded from the www or through a p2p program if that file is compressed in a .sit archive. So most people are not going to have to worry about it.

    What's bullshit is that so many people are making a big deal over this.. just to say, "See, macs have viruses/security holes too!" Big deal.

    Nice to see some mac heads on the boards.
  3. heavyLox

    heavyLox Veteran Member

    Joined: Feb 2, 2002 Messages: 7,196 Likes Received: 17
    That's your right to do. Can I ask why?
  4. villain

    villain Veteran Member

    Joined: Jul 12, 2002 Messages: 5,190 Likes Received: 2
    I bet bill gates wrote it... :crazy:
  5. j

    j Guest

    more info.

    Not something I'd worry about very much.
  6. slave_one

    slave_one Elite Member

    Joined: Apr 4, 2003 Messages: 2,745 Likes Received: 2
    I am still on OS9 at home, OSX at work. So this virus is nothing then, right? I don't feel like reading all the technical stuff on slashdot...

    I love my mac.
  7. heavyLox

    heavyLox Veteran Member

    Joined: Feb 2, 2002 Messages: 7,196 Likes Received: 17
    So am I to understand:

    files transferred without the help of further compression, i.e. stuffed, will have the resource fork removed, thus disabling the .app cloak, thus not executing the code in the ID3 tag?
  8. yoink

    yoink Elite Member

    Joined: May 27, 2002 Messages: 3,428 Likes Received: 0
    ditto...once you go mac you never go back.

    But as for the news... I'm not too worried about it. I don't DL much from the mac. Good heads up though, I hadn't seen that news.
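
The Intego report quoted in the first post says the hidden code sits in the MP3's ID3 tag. As an added example (not part of the thread and not Intego's detection logic), this Python sketch parses the ID3v2 header at the start of a file and flags executable-format magic numbers inside the tag. The magic list, the function names and the two sample files are assumptions constructed for the example, and a hit is a heuristic only.

```python
import struct

# Heuristic list chosen for this example: magic numbers of Mac executable formats.
EXEC_MAGICS = {
    b"Joy!peff": "PEF (CFM) executable",
    b"\xfe\xed\xfa\xce": "Mach-O, 32-bit big-endian",
    b"\xce\xfa\xed\xfe": "Mach-O, 32-bit little-endian",
}

def syncsafe(b):
    """Decode an ID3v2 syncsafe size: four bytes, 7 usable bits each."""
    if len(b) != 4 or any(x & 0x80 for x in b):
        raise ValueError("malformed syncsafe size")
    return (b[0] << 21) | (b[1] << 14) | (b[2] << 7) | b[3]

def id3v2_tag(data):
    """Return the ID3v2 tag body, or None when the file has no ID3v2 header."""
    if len(data) < 10 or data[:3] != b"ID3":
        return None
    size = syncsafe(data[6:10])
    if 10 + size > len(data):
        raise ValueError("declared tag size exceeds file length")
    return data[10:10 + size]

def scan_tag(data):
    """Return sorted (file_offset, format) hits for magics inside the tag."""
    tag = id3v2_tag(data)
    hits = []
    for magic, name in EXEC_MAGICS.items():
        pos = tag.find(magic) if tag else -1
        while pos != -1:
            hits.append((10 + pos, name))
            pos = tag.find(magic, pos + 1)
    return sorted(hits)

def frame(fid, payload):
    """Build an ID3v2.3 frame: 4-byte id, 4-byte size, 2 flag bytes, payload."""
    return fid + struct.pack(">I", len(payload)) + b"\x00\x00" + payload

def make_file(frames):
    """Constructed sample: ID3v2.3 header + frames + a fake MPEG frame header."""
    n = len(frames)
    size = bytes([(n >> 21) & 0x7F, (n >> 14) & 0x7F, (n >> 7) & 0x7F, n & 0x7F])
    return b"ID3\x03\x00\x00" + size + frames + b"\xff\xfb\x90\x00" + bytes(32)

# Constructed, inert samples: the "suspect" carries only the magic bytes, no code.
CLEAN = make_file(frame(b"TIT2", b"\x00Song title"))
SUSPECT = make_file(frame(b"TIT2", b"\x00Song title")
                    + frame(b"PRIV", b"constructed\x00Joy!peffpwpc" + bytes(64)))
```

The scan covers only the file's data, so it says nothing about the resource fork discussed in the replies.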