Boris Mann


First Mac OS X Trojan

  • Created: April 08, 2004
  • Mac

Intego, the Macintosh security specialist, has just released updated virus definitions for Intego VirusBarrier to protect Mac users against the first Trojan horse that affects Mac OS X. This Trojan horse, MP3Concept (MP3Virus.Gen), exploits a weakness in Mac OS X where applications can appear to be other types of files.

The Trojan horse's code is encapsulated in the ID3 tag of an MP3 (digital music) file. This code is in reality a hidden application that can run on any Macintosh computer running Mac OS X.

Intego: Intego Announces Protection against the First Mac OS X Trojan Horse: MP3Concept

Is this a buffer overflow? As far as I know, there is nothing inside ID3 that gets "executed" -- it just gets read. Does this also happen when you drag and drop the file onto the iTunes application or dock icon? More questions than answers...

Update: Jay Allen was asking the same questions I did, and then went a couple of hundred steps further and really dissected the Intego press release. He's kept his post up to date with all current information. Bottom line: this is much less of a problem than it sounds.
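As an added illustration (not from this post, Jay Allen's write-up or Intego): an ID3v2 tag is a run of length-prefixed frames that a player only reads, so a defender can walk those frames and flag any that carry an executable container signature. The function names, the signature list and the two sample tags are assumptions constructed for this sketch, and it handles ID3v2.3 and v2.4 only.

```python
import struct

# Signatures assumed for this sketch: 32-bit Mach-O (both byte orders) and PEF.
EXEC_MAGICS = {b"\xfe\xed\xfa\xce": "Mach-O", b"\xce\xfa\xed\xfe": "Mach-O",
               b"Joy!peff": "PEF"}

def synchsafe(b):
    """Decode a 4-byte ID3v2 synchsafe integer (7 usable bits per byte)."""
    if any(x & 0x80 for x in b):
        raise ValueError("high bit set in synchsafe integer")
    return (b[0] << 21) | (b[1] << 14) | (b[2] << 7) | b[3]

def scan_id3v2(data):
    """Return [(frame_id, file_offset, kind)] for frames holding a signature."""
    if len(data) < 10 or data[:3] != b"ID3":
        return []                          # no ID3v2 tag at the start of the file
    major, flags = data[3], data[5]
    if major not in (3, 4):
        raise ValueError("only ID3v2.3 and ID3v2.4 are handled")
    end = min(10 + synchsafe(data[6:10]), len(data))
    pos = 10
    if flags & 0x40 and len(data) >= 14:   # skip the optional extended header
        raw = data[10:14]
        pos += synchsafe(raw) if major == 4 else struct.unpack(">I", raw)[0] + 4
    hits = []
    while pos + 10 <= end:
        fid, raw = data[pos:pos + 4], data[pos + 4:pos + 8]
        if fid == b"\x00" * 4:
            break                          # reached tag padding
        # v2.4 frame sizes are synchsafe, v2.3 sizes are plain big-endian
        size = synchsafe(raw) if major == 4 else struct.unpack(">I", raw)[0]
        body = data[pos + 10:min(pos + 10 + size, end)]
        for magic, kind in EXEC_MAGICS.items():
            off = body.find(magic)
            if off != -1:
                hits.append((fid.decode("latin-1"), pos + 10 + off, kind))
        pos += 10 + size
    return hits

# Constructed sample data (ID3v2.3), not taken from any real file.
def make_frame(fid, body):
    return fid + struct.pack(">I", len(body)) + b"\x00\x00" + body

def make_tag(frames):
    n = len(frames)
    size = bytes([(n >> 21) & 0x7F, (n >> 14) & 0x7F, (n >> 7) & 0x7F, n & 0x7F])
    return b"ID3\x03\x00\x00" + size + frames

CLEAN = make_tag(make_frame(b"TIT2", b"\x00Song")) + b"\xff\xfb\x90\x00"
SUSPECT = make_tag(make_frame(b"TIT2", b"\x00Song")
                   + make_frame(b"GEOB", b"\x00Joy!peff" + b"\x00" * 16))
```

A hit is a heuristic only: the four-byte Mach-O values can occur by chance inside embedded artwork, so a flagged file warrants inspection rather than a verdict.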