First OS X exploit: Concept

This entry was published at least two years ago (originally posted on April 8, 2004). Since that time the information may have become outdated or my beliefs may have changed (in general, assume a more open and liberal current viewpoint). A fuller disclaimer is available.

One of the (many) nice things about being a Mac user is our relative immunity to the multitudes of viruses, trojan horses, and other malware that threaten the ‘net on a regular basis. So it’s no wonder that the Mac world is all a-tizzy over anti-virus vendor Intego announcing what appears to be the first Mac OS X trojan horse, wrapped inside an apparent .mp3 file. Intego’s alert describes it this way:

This Trojan horse, MP3Concept (MP3Virus.Gen), exploits a weakness in Mac OS X where applications can appear to be other types of files.

The Trojan horse’s code is encapsulated in the ID3 tag of an MP3 (digital music) file. This code is in reality a hidden application that can run on any Macintosh computer running Mac OS X.

Mac OS X displays the icon of the MP3 file, with an .mp3 extension, rather than showing the file as an application, leading users to believe that they can double-click the file to listen to it. But double-clicking the file launches the hidden code, which can damage or delete files on computers running Mac OS X, then launches iTunes to play the music contained in the file, to make users think that it is really an MP3 file. While the first versions of this Trojan horse that Intego has isolated are benign, this technique opens the door to more serious risks.
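The weakness Intego describes is a mismatch between what a file claims to be (an .mp3 icon and extension) and what it contains (executable code). The following script is an added example, not code from the original post or from Intego; it checks a file the way a cautious user or a mail gateway could: is there really MPEG audio behind the ID3v2 tag, and does the tag region (or the file header) carry executable magic? The Mach-O and PEF magic numbers are real; the sample inputs are constructed here, and the assumption that a disguised file would carry its code inside the ID3v2 region is taken from the alert quoted above rather than from analysis of the actual MP3Concept file. The filesystem checks (a path that is a directory, i.e. an application bundle; a resource fork reachable through `..namedfork/rsrc`; the executable bit) are macOS-specific and simply report nothing elsewhere.

```python
"""Heuristic check: does a file that claims to be an .mp3 hide executable code?

Added example (not from the original post or from Intego). Sample inputs
are constructed below; the heuristics are an assumption about how a
disguised file would look, not a signature for the real MP3Concept file.
"""
import os
import sys

# Real magic numbers: Mach-O (32/64-bit, both byte orders, plus fat/universal)
# and the PEF container used by CFM/Carbon binaries of the Mac OS X 10.3 era.
MACHO_MAGICS = (
    b"\xfe\xed\xfa\xce", b"\xce\xfa\xed\xfe",
    b"\xfe\xed\xfa\xcf", b"\xcf\xfa\xed\xfe",
    b"\xca\xfe\xba\xbe",
)
PEF_MAGIC = b"Joy!peff"


def id3v2_tag_length(data: bytes) -> int:
    """Total length of a leading ID3v2 tag (header + body [+ footer]); 0 if none.

    The size field is four 'synchsafe' bytes: high bit clear, 7 payload bits each.
    """
    if len(data) < 10 or data[:3] != b"ID3":
        return 0
    size = data[6:10]
    if any(b & 0x80 for b in size):
        return 0  # malformed synchsafe size: treat as no valid tag
    body = (size[0] << 21) | (size[1] << 14) | (size[2] << 7) | size[3]
    total = 10 + body
    if data[5] & 0x10:  # ID3v2.4 footer-present flag
        total += 10
    return total


def has_mpeg_frame_sync(data: bytes, offset: int) -> bool:
    """An MPEG audio frame header starts with 11 set bits (mask 0xFFE0)."""
    return (offset + 2 <= len(data)
            and data[offset] == 0xFF
            and (data[offset + 1] & 0xE0) == 0xE0)


def classify_bytes(data: bytes) -> dict:
    """Inspect file contents; returns findings and a verdict ('ok' or 'suspicious')."""
    findings = []
    if data[:4] in MACHO_MAGICS:
        findings.append("file begins with a Mach-O header, not audio")
    tag_len = id3v2_tag_length(data)
    if tag_len:
        tag = data[:tag_len]
        # Executable magic has no business inside tag frames or padding.
        for magic in MACHO_MAGICS + (PEF_MAGIC,):
            pos = tag.find(magic, 10)
            if pos != -1:
                findings.append(f"executable magic {magic!r} inside ID3v2 tag at offset {pos}")
        if not has_mpeg_frame_sync(data, tag_len):
            findings.append("no MPEG audio frame follows the ID3v2 tag")
    elif not has_mpeg_frame_sync(data, 0):
        findings.append("neither an ID3v2 tag nor an MPEG frame at the start of the file")
    return {"findings": findings, "verdict": "suspicious" if findings else "ok"}


def check_path(path: str) -> dict:
    """Filesystem-level checks (macOS specifics) followed by content classification."""
    findings = []
    if os.path.isdir(path):
        # An application bundle is a directory; a genuine .mp3 never is.
        return {"findings": ["path is a directory (application bundle?)"], "verdict": "suspicious"}
    if os.path.exists(os.path.join(path, "..namedfork", "rsrc")):
        # macOS exposes the resource fork here; code in a resource fork behind a
        # data fork of audio is the classic single-file Carbon disguise.
        findings.append("file has a resource fork")
    if os.access(path, os.X_OK):
        findings.append("file has the executable bit set")
    with open(path, "rb") as f:
        result = classify_bytes(f.read())
    findings.extend(result["findings"])
    return {"findings": findings, "verdict": "suspicious" if findings else "ok"}


# --- constructed samples (not real files) ------------------------------------
def _synchsafe(n: int) -> bytes:
    return bytes(((n >> shift) & 0x7F) for shift in (21, 14, 7, 0))


def build_sample(tag_body: bytes) -> bytes:
    """ID3v2.3 header + body, then one MPEG frame header and a little padding."""
    header = b"ID3\x03\x00\x00" + _synchsafe(len(tag_body))
    return header + tag_body + b"\xff\xfb\x90\x00" + b"\x00" * 32


CLEAN_MP3 = build_sample(b"\x00" * 64)                                  # padding-only tag
DISGUISED_MP3 = build_sample(b"\x00" * 16 + b"\xfe\xed\xfa\xce" + b"\x00" * 44)  # Mach-O magic in tag

if __name__ == "__main__":
    for p in sys.argv[1:]:
        r = check_path(p)
        print(f"{p}: {r['verdict']}")
        for line in r["findings"]:
            print("  -", line)
```

Run it as `python3 mp3check.py suspect.mp3`. The quick manual equivalent on the Mac itself is the Finder's Get Info window: the Kind line reports "Application" for a disguised executable no matter what icon or extension it wears.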

As it turns out, there are some mitigating factors to this announcement that Intego either didn’t know about or deliberately chose to leave out of its press release. They haven’t been as widely reported as the alert itself, and they really should be.

First off, and most importantly: yes, this should be taken seriously, as the technique does appear to be a viable attack vector against OS X.

However.

This does not appear to be evidence that anyone has actually attempted to release a malicious attack into the wild.

Dori Smith was kind enough to point out this usenet thread from comp.sys.mac.programmer.misc where the possibility of this exploit was first broached. During the discussion as to whether or not this was a real possibility, one of the people involved took it upon themselves to create a benign proof-of-concept.

This proof-of-concept seems to be what Intego found, and then proceeded to craft an accurate but very alarmist press release around. While the concept definitely seems to be sound, and is something that OS X users should keep in mind when accepting files from untrusted sources, there does not appear to be a malicious attack of any sort currently propagating across the ‘net aimed at OS X users, no matter how much FUD Intego puts into its Security Alert.

As always, while it’s still very true that OS X is a far safer and more secure system than Windows, no system is entirely safe, and the user has to accept some amount of responsibility for their actions.

iTunes: “Gutter Glitter” by Switchblade Symphony from the album Gothik (1995, 3:50).