OS X flaw may leave Macs open to virus attacks

TalkBack 30 of 76:: Next »; « Previous

Thread View
Flat View

Sales attempt by anti-virus company: This is a really lame attempt by an anti-virus company to sell
their software.

From http://www.boingboing.net

The Mac OS X mp3 trojan is being blown completely out of
proportion. Quick review of facts so far:

1. It was pointed out in a Usenet thread that it is possible to
embed arbitrary data in an mp3 2. It was subsequently
suggested that the arbitrary data could be executable 3. An
enterprising developer proceeded to then create a file which to
any mp3 player will appear as an mp3 file, but the Mac OS X
Finder sees it as an application 4. An anti-virus vendor
published advertising for their product saying that it has a cure
for this form of Trojan.

Some other relevant points:

1. This has little to do with Mac OS X vs. Mac OS 9. The exact
same file will do the exact same thing on Mac OS 9 -- be
playable by mp3 players, and act as an application 2. This has
little to do with Mac OS X using extensions to identify file types.
The icon shown by the Finder could be embedded in the file
itself, in which case the file would look like an mp3 file
regardless of its name. 3. This trick requires using the resource
fork, and therefore the file has to be transmitted encoded. Any
mp3 file that is transferred as a plain binary file (as opposed to a
Mac binary file, with the resource fork), is harmless. 4. The fact
that the file can be played in am mp3 player is irrelevant; if the
trojan were malicious, the user would be doomed after double-
clicking on it regardless of whether the file is a valid audio file.

To summarize, a Mac application can have any icon or name
whatsoever, including a name and an icon that make it look like
a <ocument. Exactly what happens when you receive such an
application (in email or by downloading it in your browser)
depends on your settings, but I am not aware of any case in
which it will be automatically launched.

Therefore, to activate this Trojan you have to either receive a
Mac-encoded attachment and double-click on it in the Finder, or
you have to download a Mac-encoded a file (which is then
usually decoded to your desktop) and double-click it in the
Finder.

The only reason that this is news is that a vendor of anti-virus
software took it as an opportunity to generate some advertising,
as far as I can tell.; Posted by: tic swayback Posted on: 04/09/04 You are currently: a Guest | Members login | Terms of Use

Reply to Story Reply to Message

Alert moderator to an offensive message

Subscribe to this discussion via Email or RSS

So long as MkIIISupra | 04/09/04

you assume JoeMama_z | 04/09/04

No I read the story... MkIIISupra | 04/09/04

Recent April 5th security update fixed this. paul351 | 04/09/04

I disagree richhayes | 04/10/04

unless .. g_ludlow | 04/10/04

Yes and no. Immanuel Tranz-Mischen | 04/10/04

Yes and no richhayes | 04/10/04

But they have to know the password. Immanuel Tranz-Mischen | 04/10/04

you must have misunderstood me.... JoeMama_z | 04/10/04

Just goes to show you why... voska | 04/12/04

True, but... Immanuel Tranz-Mischen | 04/09/04

But.. d_jedi | 04/09/04

Re: But.. Franklin_z | 04/09/04

OK, then.. d_jedi | 04/09/04

You're missing the whole point. Immanuel Tranz-Mischen | 04/10/04

More importantly.... JoeMama_z | 04/10/04

User are what they are. Immanuel Tranz-Mischen | 04/10/04

Easy to avoid jjenkins | 04/09/04

...or better yet David Wandelt | 04/09/04

I download legal mp3's all the time tic swayback | 04/09/04

FUD! d_jedi | 04/09/04

It is illegal if... voska | 04/12/04

Are you sure? Immanuel Tranz-Mischen | 04/09/04

you're kidding, right? gudin | 04/12/04

Everybody's such a genius... Christopher McLendon | 04/09/04

That's easy! MkIIISupra | 04/09/04

Administrator vs. root Immanuel Tranz-Mischen | 04/10/04

Is that even possible? Immanuel Tranz-Mischen | 04/10/04

Sales attempt by anti-virus company tic swayback | 04/09/04

Re: Sales attempt by anti-virus company Immanuel Tranz-Mischen | 04/09/04

Best extra info I've found on the trojan Squawkbox | 04/09/04

Wrong Info ITGuy04 | 04/12/04

Shame on "shame on you" escoles@... | 04/10/04

You're not being very discerning. Immanuel Tranz-Mischen | 04/10/04

Unix richhayes | 04/10/04

really missing the point TWRX | 04/10/04

Missing the point. richhayes | 04/12/04

The Point is: TWRX | 04/12/04

Please notice richhayes | 04/12/04

richhayes mabricen | 04/12/04

Do Know richhayes | 04/13/04

Unix is no less user friendly than DOS. Immanuel Tranz-Mischen | 04/10/04

Make up your mind richhayes | 04/12/04

Please make up your mind NemesisNL | 04/12/04

I agree, to a point richhayes | 04/12/04

Right on !!! mabricen | 04/12/04

You succeeded in precisely missing my point. escoles@... | 04/10/04

How does one miss something precisely? Immanuel Tranz-Mischen | 04/10/04

You seem to do a pretty good job escoles@... | 04/12/04

"unable to tell..." tooner440 | 04/12/04

No security solution, and education is insufficient escoles@... | 04/12/04

good point tooner440 | 04/12/04

It's clear that you know nothing of OSX j.m.galvin | 04/12/04

Not bad.. 60,000 to 1 ratio Xunil_Sierutuf | 04/10/04

I'm reserving judgement... tooner440 | 04/12/04

It's the software design Rick_K | 04/12/04

New Story Title TWRX | 04/10/04

Zzzzzzzzzzzzz...next jimk_z | 04/10/04

The Operant Word Here is "May" Yen_z | 04/11/04

Ouchhh, so right mabricen | 04/12/04

It's not a virus Romanval | 04/11/04

Too smart for your own good jmquinn72 | 04/12/04

Get over yourself MarcB_z | 04/12/04

Reality Distortion Fields escoles@... | 04/12/04

jmquinn72 mabricen | 04/12/04

For the record, mlindl | 04/12/04

mlindl mabricen | 04/12/04

I buy Macs because they ar superior to Windows PCs MacGeek2121 | 04/13/04

Intego & Probability joemckernan | 04/12/04

If OS X is vulnerable with it's BSD OS then...... jfalknor | 04/12/04

Not entirely correct reasoning dscherf | 04/12/04

Not even close j.m.galvin | 04/12/04

Too many Windows = glass houses fuchikoma | 04/12/04

This is not news! MacGeek2121 | 04/13/04

Exploitation is bad, supporter grief against FilledOut | 04/15/04

What do you think?

SponsoredWhite Papers, Webcasts, and Downloads

Busting the myths about QuickBooks Enterprise Solutions and IBM Smart Business IBM So you already know there aren't actually any alligators in the New York ... Download Now
Three Steps You Need to Know to Stop Data Loss Varonis Sensitive data exposed to misuse or loss... it is the stuff of nightmares ... Download Now
Why Isn't Server Virtualization Saving Us More? A Few Small Changes May Dramatically Increase Your Efficiency VMware Companies have rapidly adopted server virtualization over the past few ... Download Now

Premier Vendor Content Whitepapers, webcasts & resources from our Power Center Sponsors

SmartPlanet

Thought-provoking progressive ideas on diverse topics that intersect with technology, business, and life, and matter to the world at large. Visit SmartPlanet
More from IBM
How to Drive Better Business Outcomes with Exceptional Web Experiences Download the eBook
Driving Business Agility through SOA Connectivity & Integration Read the White Paper from IBM
Linking Decisions and Information for Organizational Performance Read the Tom Davenport study

Read the original story

OS X flaw may leave Macs open to virus attacks

What do you think?

SponsoredWhite Papers, Webcasts, and Downloads

Premier Vendor Content Whitepapers, webcasts & resources from our Power Center Sponsors

SmartPlanet

Blogs

Product Reviews

Videos

White Papers and Webcasts

Downloads

More

ZDNet News & Blogs

Product Reviews

Product Blogs

White Papers & Webcasts

Downloads