

First Trojan on OS X? (Update)

At least Intego believes it has discovered one, and of course immediately offers protection against it:
"Intego, the Macintosh security specialist, has just released updated virus definitions for Intego VirusBarrier to protect Mac users against the first Trojan horse that affects Mac OS X. This Trojan horse, MP3Concept (MP3Virus.Gen), exploits a weakness in Mac OS X where applications can appear to be other types of files.

The Trojan horse's code is encapsulated in the ID3 tag of an MP3 (digital music) file. This code is in reality a hidden application that can run on any Macintosh computer running Mac OS X.

Mac OS X displays the icon of the MP3 file, with an .mp3 extension, rather than showing the file as an application, leading users to believe that they can double-click the file to listen to it. But double clicking the file launches the hidden code, which can damage or delete files on computers running Mac OS X, then iTunes to play the music contained in the file, to make users think that it is really an MP3 file. While the first versions of this Trojan horse that Intego has isolated are benign, this technique opens the door to more serious risks.

This Trojan horse has the potential to do any of the following:
- Delete all of a user's personal files
- Send an e-mail message containing a copy of itself to other users
- Infect other MP3, JPEG, GIF or QuickTime files

Due to the use of this technique, users can no longer safely double-click MP3 files in Mac OS X. This same technique could be used with JPEG and GIF files, though no such cases of infected graphic files have yet been seen."
(via MacNN)


By now it should be widely understood that this 'Trojan' is merely a farce; the best quote comes from a Wired article:
"They gave the impression that this is a threat, but it isn't," said Dave Schroeder, a systems engineer with the University of Wisconsin. "It is a benign proof of concept that was posted to a newsgroup. It isn't in the wild, and can't be spread in the wild. It's a non-issue."

More from Dave Schroeder can be read at MacNN:
"The only way for Apple to "fix" this would be to universally visually identify executable applications in some fashion. Whether or not this comes to pass, the true source of real widespread damage from trojans, virii, and worms is their ability to spread. Since any raw transmission without encoding that preserves resource forks effectively neuters the trojan, and since there are no easy ways to mass-propagate a virus using Windows- and Outlook-style methods on Mac OS X, this is really not a major issue at all.
You will likely do more damage sending out a friendly email message politely asking people to move their home directories to the trash."
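
The mismatch both quotes turn on (a name that claims media while the Mac-specific metadata says application, and metadata that does not survive a raw transfer) can be checked mechanically. The following is an added example, not code from Intego, Apple or this post; it assumes the 32-byte Finder info blob (on macOS, the `com.apple.FinderInfo` extended attribute) and the resource fork size have already been read, and the function names and sample blobs are constructed for illustration.

```python
import struct

MEDIA_EXTENSIONS = {".mp3", ".jpg", ".jpeg", ".gif", ".mov"}
APPLICATION_TYPE = b"APPL"  # classic Finder type code for an application


def finder_type(finder_info):
    """Return the 4-byte type code from a Finder info blob, or None if absent."""
    if not finder_info or len(finder_info) < 8:
        return None
    # Finder info starts with a 4-byte type code followed by a 4-byte creator code.
    file_type, _creator = struct.unpack(">4s4s", finder_info[:8])
    return file_type


def classify(name, finder_info, resource_fork_size):
    """Compare what the file name claims with what the Mac metadata says."""
    dot = name.rfind(".")
    ext = name[dot:].lower() if dot != -1 else ""
    if ext not in MEDIA_EXTENSIONS:
        return "not-checked"
    if finder_type(finder_info) == APPLICATION_TYPE:
        # Name says media, Finder metadata says application: the disguise
        # described in the press release.
        return "masquerading-application"
    if resource_fork_size > 0:
        # Weaker signal, not proof of anything: the resource fork is where
        # Mac-only content travels, so it is worth a look before opening.
        return "has-resource-fork"
    return "plain-media"


def raw_transfer(name, finder_info, resource_fork_size):
    """Model a transfer that keeps only the data fork (no Mac metadata)."""
    return name, None, 0


# Constructed sample metadata (not taken from any real file).
APPL_INFO = b"APPL" + b"????" + bytes(24)
MP3_INFO = b"MPG3" + b"hook" + bytes(24)

if __name__ == "__main__":
    disguised = ("song.mp3", APPL_INFO, 4096)
    print(classify(*disguised))                # flagged on the original volume
    print(classify(*raw_transfer(*disguised)))  # metadata gone after raw transfer
    print(classify("song.mp3", MP3_INFO, 0))
```
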

MacCentral supplied Apple's reaction:
"We are aware of the potential issue identified by Intego and are working proactively to investigate it," said Apple in a statement given to MacCentral. "While no operating system can be completely secure from all threats, Apple has an excellent track record of identifying and rapidly correcting potential vulnerabilities."

MacFixIt also reports in detail.

Intego itself has put a Q&A page online that considerably tones down the announcement (why not do that from the start?), and MacBidouille quickly managed to arrange an interview with the Intego CEO.

Also, with considerable delay, at heise.

Posted by Leo at 20:34 | Permalink

