Just downloaded a couple of mp3's through limewire... had the checkbox enabled to automatically add to iTunes... about 5 minutes later finder curser started spinning then everything from the desktop dissapeared, and everythhing in my home folder... all gone. Is this the Mp3 that mp3 trojan? Tried everything, I'm not a newbie and have been doing allot of research for a cause. Doesn't seemed to have affected anything outside my user folder, but as you can imagine, lost my mail, fonts, photos, mp3's etc....

Anyone else experience this?

Ouch

No, and I searched for that mp3 trojan before, but it didn't exist except as a benign proof-of-concept. If someone has modified and distributed it as malicious, then the latest security patches should have prevented what you describe.

The other situation I have read of that could done this involves some external firewire drives, but those have been fixed by a firmware update quite a while ago.

Sorry to hear of your troubles: PM the names of the files you tried and I'll see if I can reproduce the situation on a different home folder.

LW 4.0.6 Pro on G3 running a fully updated Panther 10.3.4 here.

The MP3 "trojan" relies on Resource Forks and LimeWire (and all other Gnutella clients I know of) can neither read nor write Resource Forks. An attempt to share (download/upload) a file with a Resource Fork will end up in an incomplete - i.e. "destroyed" file - which is good in this case.

Therefore the file must be encoded in a special format like .sit which preserves Resource Forks and you must decode it yourself because LimeWire knows nothing about file encoding formats.

Well, and finally you must double-click the decoded file yourself because it's a Finder bug. LimeWire doesn't deal with the Finder to add files to iTunes...

http://spam.weblogsinc.com/entry/4585038725182359/

true
btw, DaKidd, who came up with the idea also thought it could be adapted to exploit mp3's through iTunes with no/minimal user intervention.

Quote:

To the nay-sayers who are claiming that the payload isn't in the ID3 tags - In *THIS* version, that may be true, but I can see absolutely no reason why that couldn't be the case. If one doesn't care about the possibilty of "audio garbage" at the start of the playable MP3 data (and who hasn't downloaded (or even created) at least one MP3 file that has a "glitch" in it somewhere?) it's trivial to set things up so that the first MP3 block is actually a minimal PEF container that does nothing but jump to a predetermined byte-offset within the file - A byte-ofset that is the start of executable code stored in one (or more) of the ID3 tags that can be present. (My original proposal was to store the executable in the ID3 tag normally earmarked for album-cover images - Imagine that - a tag that's designed to hold an arbitrary-length chunk of binary data holding binary data that's malware...)

http://www.gnutellaforums.com/showth...threadid=24956

Well needless to say it did happen as i described, I was working in Photoshop and Dreamweaver and had Limwire on in the background only downloading 3 mp3 files... when 2 of the downloads where complete (a third one was finishing) the beachball showed up ( I was trying to access the music in my shared folder but it wouldn't let me into the HD cause of the activity) and then when I accessed my home folder not only was everything gone in there but so was everything on my desktop... I have also noticed all my sound settings are gone as well as in I have no more sound, very weird. Never have come across this and the only thing I was doing out of the ordinary was using limewire. I did have the checkbox in LW selected to auto add to itunes, and itunes sometimes will start playing these automatically BTW! So at this point I thought I could get away with just putting on the stuff that was erased ( i keep backups) but seems like there is more to this... missing my sound being one of them.. I'm slowly finding other things it touched like my mail and FTP (which of course all the settings are in my Home folder).

On the other hand I do have a Firewire drive hooked up all the time to this machine, is this similar to the FW problem you mentioned? Let me know, for now I'm sterring clear of LW on this user account, but I wanted to gives everyone a heads up if it does indeed turn out to indeed be a malicious LW thing.

Thanks for your responses!

opps my bad on the sound thing... I restarted in safe mode to trouble shoot so i have sound but lost everything else...