|
Register | FAQ | The Twelve Commandments | Members List | Calendar | Arcade | Find the Best VPN | Today's Posts | Search |
General Mac OSX Support For general issues regarding Mac OS X users |
| LinkBack | Thread Tools | Display Modes |
| |||
Hey--we almost got our first trojan on OSX! Slashdot is discussing a way a trojan can be disguised as an .mp3 file. Shamely (thanks Phillipe), it's only theoretical at this point Quote:
And here I thought trojans were for protection. pfft. Where can I buy a windows machine? Last edited by stief; April 8th, 2004 at 03:44 PM. |
| |||
I really enjoy reading slashdot. The posters there are knowledgeable, informed, irreverent, uninhibited and funny. I was just reading about the trojan on the Apple discussion boards (link soon to be inactive), and what a stuffy contrast! Cheers. |
| ||||
Hip hip hip, HOURRA! This indicates that the os x platform is becoming a widely used platform, great
__________________ Liens d'intérêt /Links of interest: Gnutellaforums en français /The House's rules you have to respect / First search the forum, then create a thread / Free software alternatives! - Logiciels alternatifs gratuits!/ |
| ||||
Hmm, hmm I read the entire thread and maybe you're right after all. But I'm still skeptical...
__________________ iMac G4 OSX 10.3.9 RAM 256MB LW 4.10.5 Basic ADSL anything from 3 to 8Mbps/around 1024kbps "Raise your can of Beer on high And seal your fate forever Our best years have passed us by The Golden Age Of Leather" -Blue Öyster Cult- |
| |||
Salut et voilà j'ai vu que http://www.macbidouille.com/niouzcon...004-04-08#8261 covered the news, but my poor reading skills there could only pick up that they quoted the Intego press release (which in English looked to me like marketing FUD). Even Macintouch's initial coverage was pretty disappointing. I'm starting to find that Slashdot looks to be the site to monitor for breaking news. C'est vrai? |
| ||||
Well really, that news came everywhere fast because it is a mac os x first, and windows users we're so jealous they kept saying we weren't immune which is true, and it happened today. However this is a potential trojan. Not an identified one. The range of infection of this "potential" trojan between mac users seems small to me. However, it affects more people like us who use P2P to share and download non copyrighted music Normally, potential holes in os code are found by hackers and independant security experts, the fact that Intego found that one and sells an antivirus sure look suspicious to me, and we shall all be vigilent about that. But now that an hole is indentified (not sure if it is verified by independant sources), if someone can use it easily, the trojan will come soon enough I'd say by the summer, if not, it might be a scam to sell software that slows down mac Bonne soirée à tous Mise À Jour, Stief the macbidouille.com has a translation in english sister site for the french incompetents http://hardmac.com/niouzcontenu.php?...004-04-08#1882 In summary, the potential trojan can delete user files, but not system files. Also this only affects carbon based apps (like itunes) and a potential fix should be easy for Apple to produce (so fu*ck the AV companies on os x ) En passant macbidouille.com is the most accurate and informed web site on the mac I know, all should read it. English equivalents can't compare to it, but isn't french le langage de la raison
__________________ Liens d'intérêt /Links of interest: Gnutellaforums en français /The House's rules you have to respect / First search the forum, then create a thread / Free software alternatives! - Logiciels alternatifs gratuits!/ Last edited by et voilà; April 8th, 2004 at 08:14 PM. |
| |||
merci--I be for go read . btw--looks like this was discussed on the comp.sys.mac.programmer.misc newsgroup and the proof-of-concept posted on the 20th of March. Intego should get a few buck out of it, but for USD 40 more, Mac tinfoilhatters can get a free Virex with a full Dot Mac account. I'll post when Virex updates their DAT's--LOL: looks like Intego scooped them. Bonne soir---à later. |
| |||
Greetings... Well, first, three words: HO-LEEE-CRAP!!!! Does this thread mean that someone has picked up what I *THINK* may be my original concept and took off running with it??? Back around the 20th of March or thereabouts, I posted a message to usenet that got me thinking, and worrying. It involved the potential transport of a virus/tworm/trojan-like payload in the ID3 tags of an MP3 file. When I posted, it was complete "pie in the sky", with no sort of reality to it whatsoever - pure "thought games". But at least in theory, it seemed like something that could be possible. Not long after I made the post, before I'd actually accomplished anything more substantial than confirming that it *MIGHT* be *POSSIBLE* under *SOME* circumstances with my experiments in that direction, I got an email containing an attachment. That attachment came from someone I didn't (and still don't) know from Adam - One "Bo Lindbergh". Its content was what he called a "proof of concept virus" - It was an MP3 that played a section taken from one of those "maniacal laughter" soundtracks when loaded into an MP3 player, and at the same time, it was an executable file that did what amounts to saying "If this had been a real virus, you're be infectecd right now. Be glad it was only a test." it confirmed my worst fears for the concept - Not only was it doable, Bo had proven to my satisfaction (and far beyond) that it was *EASILY* doable - I don't think it was 48 hours from my post to the arrival of the proof of concept in my mailbox. The original post was intended as a thought problem and/or sanity-check - "Hey guys, am I freaking out prematurely, or is this an actual possibility - It sounds logical to me?" What it generated was downright scary. An all-too real trojan/viral threat against Macs that had, apparently, never been considered before. Not my intent at all... In all honesty, I was *HOPING* to get shot down in flames as a complete raving paranoid nutbar. The reality turns out to be that I was neither nuts nor paranoid, and the threat is not only plausible, but entirely practical, and all too real. Now I'm finding that my "bright idea" has taken on a life of its own, and even prompted one company to develop a "cure" for a "disease" that to my knowledge, doesn't actually exist yet, except as a lone proof-of-concept MP3 file. I've made slashdot, however indirectly, because of it. Not exactly my intent when I first dragged my post out of a newsgroup devoted to electronic schematic diagrams into a mac-related group with every hope that I'd get shot down in a ball of flames, the likes of which haven't been seen since Baron von Richtoffen's Fokker was swatted down. To the nay-sayers who are claiming that the payload isn't in the ID3 tags - In *THIS* version, that may be true, but I can see absolutely no reason why that couldn't be the case. If one doesn't care about the possibilty of "audio garbage" at the start of the playable MP3 data (and who hasn't downloaded (or even created) at least one MP3 file that has a "glitch" in it somewhere?) it's trivial to set things up so that the first MP3 block is actually a minimal PEF container that does nothing but jump to a predetermined byte-offset within the file - A byte-ofset that is the start of executable code stored in one (or more) of the ID3 tags that can be present. (My original proposal was to store the executable in the ID3 tag normally earmarked for album-cover images - Imagine that - a tag that's designed to hold an arbitrary-length chunk of binary data holding binary data that's malware...) If properly constructed, such an MP3 file would be playable (with a minor glitch at the beginning of the audio) by any MP3 player, on any platform, that doesn't choke on files containing ID3 information. But if double-clicked from the Finder on a MacOS machine, it fires up as an application, and does whatever the code embedded in the ID3 tag commands. As added camoflauge, I can see no reason why the final action taken by the "payload" couldn't be a command to open and play the MP3 using whatever MP3 player the victim may have on his/her computer, giving even more "authenticity" to the infected file. I can see the logic already - "I double-clicked it, and it said 'Congratulations, sucker! You just got hit with a virus.' It scared me for a second, but then I opened it up in <insert name of user's preferred MP3 player> and it did the same thing. Whew... Big deal. Somebody recorded himself saying 'Congratulations, sucker! You just got hit with a virus.', then passed it out over Gnutella as an MP3 file. Ha-ha. How clever. Very funny. But no big deal, since everybody knows that you can't get a virus from an MP3!" Yet underneath, lies the sinister truth: While the "music" was playing, some, perhaps all, of your shared MP3 files have been similarly infected, so the next time you hook up to the Gnutella network, you've just become another source for the virus. One only has to pause and think for a moment about the ramifications of that - A Mac virus/trojan. In a file that is compatible across all major platforms (even if it isn't directly EXECUTABLE on all of them) without needing any special handling to preserve any special Mac attributes. Running loose on a transport system that's at least partially designed to keep sources of a file obscured from easy view. And where the occasional "glitched" file is a normal fact of the medium. Put it all together, and it becomes a potential nightmare... I welcome commentary via email - I'm posting here only because one of your members emailed me with a "please come settle the argument" type message. I don't normally pay much attention to forum sites like this one, so it's unlikely that I'll catch any discussion that happens here. If you would like to email me on the topic, be aware of the draconian filtering I have in place on my mailbox - see <http://www.sonic.net/~dakidd/main/contact.html> for the method to bypass the filters... Sorry to be so long-winded, but thanks for reading! Don |
| |
Similar Threads | ||||
Thread | Thread Starter | Forum | Replies | Last Post |
I think I downloaded a Trojan ??? | scott22 | Download/Upload | 3 | June 11th, 2004 05:40 AM |
Trojan in file | imstormie2 | Tips & Tricks | 3 | March 11th, 2004 04:40 PM |
I think I downloaded a Trojan ??? | scott22 | Bug Reports | 1 | October 1st, 2003 11:12 PM |
trojan horse | 123yebo | General Gnutella / Gnutella Network Discussion | 7 | June 17th, 2002 07:16 PM |
*Trojan Horse!! | ChronKyrios | BearShare Open Discussion | 8 | March 6th, 2001 08:29 AM |