*DAMN R6 Forum

Just a heads up to anyone who doesn't know...there's a Trojan Horse in OSX - the first one.

From Macnn:

This Trojan horse, MP3Concept (MP3Virus.Gen), exploits a weakness in Mac OS X where applications can appear to be other types of files: "The Trojan horse's code is encapsulated in the ID3 tag of an MP3 (digital music) file. This code is in reality a hidden application that can run on any Macintosh computer running Mac OS X. Intego says the malicious application can delete files, propogate itself by sending a message to other users, and also infect other MP3, JPEG, GIF or QuickTime files.                                    
                                     
                                     The company says that Mac OS X displays the icon of the MP3 file, with an .mp3 extension, rather than showing the file as an application, leading users to believe that they can double-click the file to listen to it. But double clicking the file launches the hidden code, which can damage or delete files on computers running Mac OS X, then iTunes to play the music contained in the file, to make users think that it is really an MP3 file . While the first versions of this Trojan horse that Intego has isolated are benign, this technique opens the door to more serious risks.  

"Due to the use of this technique, users can no longer safely double-click MP3 files in Mac OS X. This same technique could be used with JPEG and GIF files, though no such cases of infected graphic files have yet been seen."  


Update your virus definitions/software!

I would highly suggest that you read the comments on that story one.

Well, since I currently do not, and probably never will, use mp3 files on my Mac, I don't think this will affect me.  I only use music files in the very rich AIFF format (the format they come in on a regular Music CD).

     Well, without even reading the story, that sounds like a load of bullpuckey to me. I have "show all file extensions" enabled, and I renamed the app "VLC" (no .app suffix) to "VLC.mp3" and OS X renamed it to "VLC.mp3.app". It's not possible to remove the .app suffix in that case, since OS X replaces it when you delete it. Even when I turned off "show all file extensions", the .mp3.app renamed. Thus, horseshit.

Still, until we hear more we should be careful.

It isn't a virus  ;)

Loth, from what I've read this proof of concept actually works. However, the code resides in the resource fork, so to get the trojan you would need to download a compressed version of it in a .sit or .dmg, decompress, then run it.

     Yeah, when I looked into it, turns out it's a reasonable idea. Still, even if you are stupid enough to get caught by it now that it's known, it can only run its code with your permissions. Hardly a critical threat. Besides, I bet Apple will have a Security Update out by tomorrow.

Apple has officially stated that it is working on a solution.

I believe you can change the name and get rid of the .app by using "Get Info" and saving it.

would this affect mp3 files that are automatically run when downloaded through limewire or  acquisition?

Update: Wired posts more information on the purported Trojan:

[Intego] gave the impression that this is a threat, but it isn't," said Dave Schroeder, a systems engineer with the University of Wisconsin. "It is a benign proof of concept that was posted to a newsgroup. It isn't in the wild, and can't be spread in the wild. It's a non-issue."

source www.macrumors.com (news section)

That's good to hear, but as of now LimeWire is removed from my computer to prevent my brother from downloading mp3's, and I banned the website, so until it's fixed and confirmed by apple as a bs threat, I'm gonna be careful.

Crypt, your bro can download all the MP3's his little heart desires from Limewire.  In order for the trojan to work it needs to be decompressed from a sit file.  If you only transfer the mp3 apparently all you hear is someone laughing.