“Apple Computer Inc. responded on Friday to an advisory issued by security software-maker Intego on Thursday. Apple said they were aware of the issue outlined by Intego and that they were investigating,” MacCentral reports.
“‘We are aware of the potential issue identified by Intego and are working proactively to investigate it,’ said Apple in a statement given to MacCentral. ‘While no operating system can be completely secure from all threats, Apple has an excellent track record of identifying and rapidly correcting potential vulnerabilities,'” MacCentral reports.
Full article here.
Good deal. Apple will snuff this before one ever gets into the wild.
I wouldn’t be so sure that Apple will get it before any of these get into the wild. I am sure that someone out there is working quickly to create a real horse with a payload to do some damage. They then need to determine how to get it out there without getting caught. It may not get to be widespread quickly, and Apple may head it off at the pass, but unless Apple gets a fix out next week, someone will beat them.
The thing that virus writers will soon discover is that Mac users are not a bunch of morons that click on attachments they can’t identify, unlike the majority of clueless PC lemmings.
They are going to have to come up with self-executing files if they ever hope to do any serious damage to most Mac desktops.
Mac users are just too intelligent to fall for the usual crap that is used to infect most PCs.
The thing with this trojan horse though is that it’s part of a file that most people are familiar with; an MP3 file. Granted, most of the people infected will be those that use file sharing apps and most likely those looking for the latest and hottest songs on the radio (aka crap).
But at the same time, if the mac is used by a family which includes teenagers or college kids that have a mac for the cool factor, you’ll see this thing spread.
On another note: MDN, get rid of the banner ad for the Free Lobster Dinner and the one asking “Which One is Snoop Dogg?”. They’re seizure inducers.
I’ll bet Apple gets this patched in short order. Unlike that last major worm threat that M$ took over 7 months to patch…
There’s plenty of Mac users out there who are stupid enough to click on an unknown file. And plenty of them have a single user account that everyone in the family uses too.
The thing that’s going to slow down an OS X trojan is that there are too few Macs to allow the kind of unrestrained propogation you see with Winblows virii. A Mac virus will need to be a Mac/Windows hybrid that can infect Windows machines also, otherwise it won’t be able to propagate through the vast numbers of non-Mac machines between it’s origin and any Macs out there.
I second the motion by natis to get rid of those blinking banner ads. Yer killin’ me, man.
I am sure this can be fixed with another security update from Apple. But really nothing is broken. It’s theoretical. No one has done anything yet. And a lot of this can be thwarted with using a little sense when dealing with files from unknown sources or for those who “borrow” MP3s from Limewire. A “Get Info” on a file of this nature would show it as type “application.” Obviously there is something fishy with an MP3 showing up as an application instead of a document.
I don’t care which one is Soop-Dog now that I have a head-ache from that damn banner!
“The thing that’s going to slow down an OS X trojan is that there are too few Macs to allow the kind of unrestrained propogation you see with Winblows virii.”
You know, that’s one reason I’d love to write something that e-mailed itself to everyone in the address book, just to see what happens.
Hey, this sounds like a good poll question: What percentage of the people in your address book are Mac users? If I had to guess (since I have an address book on my machine at work and a different one for the machine at home and I don’t sync them), I’d put it between 25-35% Mac users. And a few of them use Mac OS 9…
How about all of you?
Oh, and in regard to the ads. Three Little Words: Norton Internet Security.
Gotta love ad blocking.
“There’s plenty of Mac users out there who are stupid enough to click on an unknown file. “
I’ll stick to my original prediction. The level of stupidity on the Mac side is far lower than on the PC side. Most Mac users are far more computer savvy than PC users, contrary to what the Mac’s ease of use would have non-Mac users believe.
Just as I predicted the run-away success of the iPOD Mini on January 6th while surrounded by a majority who predicted certain failure of the product, I predict that clickable virus attachments won’t fool even a fifth of Mac users and thus will be ineffective.
This of course is considering that Apple doesn’t take steps to combat the threat, which I am sure they are already working to do.
The blinking ads are as annoying as the japanese cartoons shows that cause seizures. On the subject of trojans (some people just have to make trouble for others) its going to happen from time to time, at least they are rare on the mac.
This pretty much confirms the FUD…
http://www.wired.com/news/mac/0,2125,63000,00.html
There has been a lot of talk of this trojan on Slashdot, and while I ain’t no programmer, it appears that if you play the mp3 in iTunes it’s fine. If you double click in finder then you have trouble. If you download it from any non-MacOsX source such as Kazaa you are ok because the file format destroys the resource fork that is exploited. There. It seems Mac users will be ok. As I type this on my xp machine it seems that twenty similar trojans for PC have been documented for PC this week. I don’t know why you guys use Macs. I really don’t…………ahem…..
Sorry – remembering that this example has no payload, – but if it did..
Right on the front page of Yahoo.
“Mac OS X Attacked by Trojan Horse”
And I love this excerpt
Unix underpinnings means it is “probably far more secure” than earlier Max OSes, Gartenberg said. “Previous Mac OSes were not overly robust in terms of withstanding attacks. If you tried to attack a system 7 Mac in its heyday, it would probably have crashed before you got into it.”
Apple representatives were not immediately available for comment.
? How about probably more secure than WINDOZ. MAX?
http://story.news.yahoo.com/news?tmpl=story&u=/nf/20040409/bs_nf/23646
WOW, they took that down quick. Link still works but it’s off the front page.
And with only 3 messages in the discussion board. Looks like the Steve launched the dogs on yahoo.
This is why the Apple OS is so dangerous…
all the user has to do is double-click on a mp3 icon…
the Trojan runs…
And uses the secure-delete function to delete all of the the files in the home directory.
This is very bad…. very bad.
Now their is not a chance of anybody using the Apple OS in the business world.
… all of your data is at risk because of a simple mp3 file
… this is a very unsafe OS
… stick with MS at least your data is safe
�
R.V. wrote: Mac users are just too intelligent to fall for the usual crap that is used to infect most PCs.
… and we’re just plain modest too! 😀
—–
—–
Peter:
My address book (trimmed down recently), has maybe 8 or so Mac users compared to 80+ PC users. I don’t know anyone having bought a new Mac in the past year. 🙁
R.V. wrote: Mac users are just too intelligent to fall for the usual crap that is used to infect most PCs.
… and we’re just plain modest too! 😀
—–
—–
Peter:
My address book (trimmed down recently), has maybe 8 or so Mac users compared to 80+ PC users. I don’t know anyone having bought a new Mac in the past year. 🙁
I am glad that Wired exposed this as the bullshit propagandist FUD that it is.
It was not cool for the original programmer to post this code and I am glad that he has subsequently taken it down, hopefully in time. I still think that one reason that there are no active Viruses etc for OS X is that you have to get to know the OS very well in order to write one. In getting to know OS X almost everyone comes to love and enjoy it so much that the motivation to write a malicious code is defused. As long as we can continue to make the virus writers try out OS X before they can produce a virus for it, OS X will continue to be safer. OS X is just too nice, helpful, and friendly of a guy for people to want to mess him up
” width=”19″ height=”19″ alt=”grin” style=”border:0;” />
Intego discovers trojan horse for MacOS X, acts bizarrely about it
4/09/04, 7:37 am EST
The first trojan horse to affect MacOS X, discovered by antivirus firm Intego, is said to exploit the user’s system by masquerading as an mp3 file. However, the trojan horse is not currently in circulation and, for that matter, does not appear to actually exist. Intego has apparently merely discovered “proof of concept,” meaning that such a trojan horse could theoretically be created. Furthermore, Intego’s insistence on treating the discovery as if it were a new product announcement have cast doubt as to the legitimacy and severity of their entire matter. Bizarre actions on the part of the company range from having a PR firm send out a press release announcing the discovery, to placing banner ads on its own site making the announcement that, when clicked, prompt the user to purchase on of Intego’s products. Even if this trojan horse does indeed turn out to be legitimate, Mac users should be comforted in knowing that in contrast, Symantec has discovered nineteen similar vulnerabilities for Windows so far this week.
1: Didn’t have the decency to call Apple first
2: Created unnecessary FUD (fear, uncertainty, doubt) to promote own sales
3: Tried to play us smarter Mac users as fools, like windroids
All the hallmarks of a irresponsible company, hope Apple fixes the exploit so fast that Intego can’t make a dime off their software. Fix their ass for good.
I will from now on never buy a Intego product, it seems they are more concerned creating a problem for them to solve with my money.
Screw them.