Mac OS X: Trojan Horses não atacam só o windowze

Chip

Zwame Advisor
Thanks to Apple Computer's rising star in the world of digital music, Mac OS X has become a target for malware authors.

A Trojan horse, called MP3Concept or MP3Virus.gen, has been discovered that masquerades as an MP3 file. It hides in ID tags of the file and becomes activated when unwary users click on it, expecting to play a digital song.

"This is the first native Mac OS virus we've found," said Brian Davis, U.S. sales manager for Intego, a Mac security and privacy firm that discovered the Trojan.

The Trojan is benign, according to Intego. If launched, it doesn't do anything except access files in the System folder. But Intego warned that the code could be modified easily to delete files or hijack a machine and replicate itself through e-mail.

"This is likely a test Trojan showing these things are possible," said Davis. "There's definitely an open door we don't want to leave open."

The Trojan appears to be the first malicious code for Mac OS X, which was launched in March 2001.

Until now, Mac users have prided themselves on running a system that has been largely virus-free. Few Mac OS X users run antivirus software, or are wary of double-clicking files they've downloaded or received in e-mail.

That could change quickly. Nearly half of the executable files downloaded through Kazaa contain malicious code like viruses and Trojan horses, according to a recent study by security firm TruSecure. Out of 4,778 files downloaded in one month for the study, nearly half contained various types of nefarious code.

Davis said the Trojan likely appeared because of Apple's growing influence in digital music.

"Given Apple's previous market share, OS X wasn't a challenge," he said. "As Apple becomes more visible, it's more of an attractive target."

The Trojan appears to be an ordinary MP3 file. In fact, it will play music if launched from inside a digital jukebox like Apple's iTunes. The song plays and the Trojan isn't activated. But if the file is double-clicked in the Finder, the Trojan is launched. The file also launches iTunes and plays the song as normal.

Intego publicized the Trojan on Thursday, though it has been online since March 20, according to an examination of its source code.

The Trojan was first reported to the firm's Paris office. Intego said it had been reported by customers in Europe and the United States.

The Trojan's profile is included in the firm's updated virus definitions for its OS X security product, VirusBarrier.


http://www.wired.com/news/mac/0,2125,63000,00.html?tw=rss.TOP
 
Back
Topo