  #1  
Old 04-09-2004, 12:07 PM
MedMech
Guest
 
Posts: n/a
First Apple Virus warning

Thanks to Apple Computer's rising star in the world of digital music, Mac OS X has become a target for malware authors.

A Trojan horse, called MP3Concept or MP3Virus.gen, has been discovered that masquerades as an MP3 file. It hides in ID tags of the file and becomes activated when unwary users click on it, expecting to play a digital song.

"This is the first native Mac OS virus we've found," said Brian Davis, U.S. sales manager for Intego, a Mac security and privacy firm that discovered the Trojan.

The Trojan is benign, according to Intego. If launched, it doesn't do anything except access files in the System folder. But Intego warned that the code could be modified easily to delete files or hijack a machine and replicate itself through e-mail.

"This is likely a test Trojan showing these things are possible," said Davis. "There's definitely an open door we don't want to leave open."

The Trojan appears to be the first malicious code for Mac OS X, which was launched in March 2001.

Until now, Mac users have prided themselves on running a system that has been largely virus-free. Few Mac OS X users run antivirus software, or are wary of double-clicking files they've downloaded or received in e-mail.

That could change quickly. Nearly half of the executable files downloaded through Kazaa contain malicious code like viruses and Trojan horses, according to a recent study by security firm TruSecure. Out of 4,778 files downloaded in one month for the study, nearly half contained various types of nefarious code.

Security consultant and virus expert Ken Vanwyk said there was nothing special protecting Mac OS X, or Linux for that matter, from malicious code.

"They're all susceptible to viruses and Trojans, just as Windows is," he said. "They just haven’t been targeted yet."

Vanwyk cautioned OS X users not to open e-mail attachments unless they were expecting them.

"If OS X users are being careful, I don’t see they should be rushing out to buy antivirus software," he said. "But if it goes the way of Windows, anti-virus product is in their future."

Davis said the Trojan most likely appeared because of Apple's growing influence in digital music.

"Given Apple's previous market share, OS X wasn't a challenge," he said. "As Apple becomes more visible, it's more of an attractive target."

The Trojan appears to be an ordinary MP3 file. In fact, it will play music if launched from inside a digital jukebox like Apple's iTunes. The song plays and the Trojan isn't activated. But if the file is double-clicked in the Finder, the Trojan is launched. The file also launches iTunes and plays the song as normal.

Intego publicized the Trojan on Thursday, though it has been online since March 20, according to an examination of its source code.

The Trojan is possibly in the wild. It was first reported to the firm's Paris office by customers in Europe and the United States, Davis said, which suggests it is circulating. Davis didn’t know if the Trojan was on file-sharing networks.

The Trojan's profile is included in the firm's updated virus definitions for its OS X security product, VirusBarrier.

An Apple spokeswoman said the company was aware of Intego's report and is investigating.

  #2  
Old 04-09-2004, 07:14 PM
Registered User
 
Join Date: Jul 2003
Posts: 336
OK, this one isn't written to do damage, but... How much damage could one of these do when run by a normal user? Are normal users in OS X able to alter system files? If not, would malware be able to damage system files? Would they have to run as standalone (root exploits excepted) apps since they couldn't integrate into system files? Maybe they'd be easy to detect just by running "top" or something, and the worst they could do would be to destroy that user's files. Gotta learn more about this...
  #3  
Old 04-09-2004, 07:52 PM
Botnst
Banned
 
Join Date: Jun 2003
Location: There castle.
Posts: 44,601
The stupid thing about this whole Apple thing is that the myth of invulnerability challenges malicious MF's to develop attacks.

I say "myth" because OS-X is just a really cool Unix shell. The most cool Unix shell. The brainiacs at Apple worked their extreme magic and made Unix useful for dummies (like me!). But doodoo-head Mac users haven't been under assault by malwarians for the past decade (like Winders users have been) and so are generally clueless about protecting themselves.

If Mac actually were to be anything more than a marginal product, it would be no more immune from attack than Winders.

BTW, I am a complete Mac-o-phile. I owned Macs since the first TV advert and look forward to owning a bleeding-edge Mac again someday. But the stupid people at Apple are like the dummies at M-B used to be. Apple builds computers that are mechanically, electronically, and logically very long-lived. I have a 1989 or 1990 Mac IIsi that is still useful and my wife took it to her school so the kids could use the ancient software. The combo hardware and software is still superior to what she has for her grade level on her school-supplied Puntium III's.

BTW: confession time. I downloaded a pirated version of a very famous math/analysis program. My purpose is evaluation. I tried their legal downloadable version and found it too crippled to evaluate. If I like it, I'll buy it. If not, I'll erase it (why keep something I don't use?).

MikeMover, how does this conform with my moral absolutism when it comes to mp3's?

B
  #4  
Old 04-10-2004, 07:44 AM
MedMech
Guest
 
Posts: n/a
It's Dubya, Cheney and Gates scheming together to take Apple down. Some say Dubya wrote the code himself, because Clarke had an Apple.
  #5  
Old 04-10-2004, 08:37 AM
Kuan
unband
 
Join Date: Jan 2001
Location: At the Birkebeiner
Posts: 3,841
In /etc/fstab you can set noexec, can't you, so you can't execute even if the file is 777?

In bash you use umask in /etc/bashrc?

I don't have OSX, I wouldn't know.
__________________
You don't need a weatherman to know which way the wind blows - Robert A. Zimmerman
  #6  
Old 04-10-2004, 10:21 AM
Holeshot
Have gunsight will travel
 
Join Date: Jan 2004
Location: (near) Seattle, WA
Posts: 258
I routinely run 'Spybot' and 'AdAware' on my Windoze machine.. but what is there for the OS X? My iMac DV is on 'X' and although it's mainly for compliance testing.. I really love that machine (and as a former engineer for a UNIX company.. I love the underlying OS too!).

Not sure what effect making that mod to fstab would have. Interesting idea. Man.. I left the UNIX world in 1998... my GAWD I've forgotten a lot..

Setting the umask in the user's config files (what is the default shell for users in OS X? hm.. I should go look) might help.. but that can always be over-ridden by the user themselves so why not expect the program could chmod itself into executing bliss?

Thought provoking morning post. I'll have to pass this on to my Mac zealot pals..
__________________
-----------------------------------------------------
David - Bremerton, WA
1999 CLK430 - daily driver
1995 993 C2 - race modified (auto-x weapon)
2000 Durango - parts and dirt bike hauler
2005 KTM950S - Baja, here I come!!!
Bloggy blogger blog
  #7  
Old 04-11-2004, 12:55 PM
R Leo
Stella!
 
Join Date: Mar 2003
Location: En te l'eau Rant
Posts: 5,393
It's about time...

I have both PC and Apple machines at work. I spend most of my time on the PC, my cube-mate is on his Apple most of the time. He's a rabid Applephile. At least once a day I get to hear all about how Bill Gates and Microsoft is/are either screwing the world, taking over the world or a lengthy rant on one of the many reasons Apples are so friggin superior to the PC.

Pride goeth before a fall. RC will have to eat his words now...heh, heh.

Personally, I don't give a damn if I sit behind an Apple or a PC just as long as the stupid thing does what it's supposed to do when I want it to do it.
__________________
Never a dull moment at Berry Hill Farm.
  #8  
Old 04-11-2004, 01:01 PM
mikemover
All-seeing, all-knowing.
 
Join Date: Aug 2001
Location: Atlanta, GA
Posts: 5,514
Quote:
Originally posted by Botnst
BTW: confession time. I downloaded a pirated version of a very famous math/analysis program. My purpose is evaluation. I tried their legal downloadable version and found it too crippled to evaluate. If I like it, I'll buy it. If not, I'll erase it (why keep something I don't use?).

MikeMover, how does this conform with my moral absolutism when it comes to mp3's?

B
Hahaha....

Well, you know you're still "technically" in the wrong, but if their evaluation version is so watered-down that you can't properly check it out, then I guess one could argue that they are "asking" for it....

Mike
__________________
_____
1979 300 SD
350,000 miles
_____
1982 300D-gone---sold to a buddy
_____
1985 300TD
270,000 miles
_____
1994 E320
not my favorite, but the wife wanted it

www.myspace.com/mikemover
www.myspace.com/openskystudio
www.myspace.com/speedxband
www.myspace.com/openskyseparators
www.myspace.com/doubledrivemusic
  #9  
Old 04-11-2004, 08:33 PM
Botnst
Banned
 
Join Date: Jun 2003
Location: There castle.
Posts: 44,601
Quote:
Originally posted by mikemover
Hahaha....

Well, you know you're still "technically" in the wrong, but if their evaluation version is so watered-down that you can't properly check it out, then I guess one could argue that they are "asking" for it....

Mike
Like you say, legally I know I haven't any defense. Also, it's kind of shaky ethical ground. I'm a recovering pirate, I guess. When I was in grad school I don't think I had more than a couple of legit titles. I rationalized the usual excuses.

Now I'm like John McCain caught with his hand in the S&L till. "Don't you guys do what I did, it's really bad!" Come to think of it, that's what I say to my kids about dope and alcohol, too! Hmmm, unabashed hypocrite moralizes to the unwashed. Anybody wanna join my cult? Have some Kool-Aid.

B
