[muglo] Re: Entourage VIRUS Warning

Intego is confirming the existence of the first trojan horse that infects
Mac OS X.

http://www.intego.com/news/pr40.html

Intego, the Macintosh security specialist, has just released updated virus
definitions for Intego VirusBarrier to protect Mac users against the first
Trojan horse that affects Mac OS X. This Trojan horse, MP3Concept
(MP3Virus.Gen), exploits a weakness in Mac OS X where applications can
appear to be other types of files.

The Trojan horse's code is encapsulated in the ID3 tag of an MP3 (digital
music) file. This code is in reality a hidden application that can run on
any Macintosh computer running Mac OS X.

Mac OS X displays the icon of the MP3 file, with an .mp3 extension, rather
than showing the file as an application, leading users to believe that they
can double-click the file to listen to it. But double clicking the file
launches the hidden code, which can damage or delete files on computers
running Mac OS X, then iTunes to play the music contained in the file, to
make users think that it is really an MP3 file. While the first versions of
this Trojan horse that Intego has isolated are benign, this technique opens
the door to more serious risks.

This Trojan horse has the potential to do any of the following:

*    Delete all of a user's personal files
*    Send an e-mail message containing a copy of itself to other users
*    Infect other MP3, JPEG, GIF or QuickTime files

Due to the use of this technique, users can no longer safely double-click
MP3 files in Mac OS X. This same technique could be used with JPEG and GIF
files, though no such cases of infected graphic files have yet been seen.




on 4/8/04 7:16 PM, Eurogarth at eurogarth@xxxxxxxxxx wrote:

> Thanx Mary I've sent a message to Symantec as I really do have the bug and
> it interferes with my e-mail.
>
>> At 3:01 PM -0400 4/8/04, Eurogarth wrote:
>>
>>> Mary, they ARE NOT HARMLESS!
>>>
>>> The virus was operating from my imac sending out email to people on my list.
>>>
>>> Checked with Rogers and they reported out-bound activity when I was in "send
>>> only" mode as a test... The damn thing even sent an e-mail FROM me TO me...
>>> Which was the way I knew for sure I was infected.
>>>
>>> You may be infected and not know it.
>>
>> Check here:
>> <http://service1.symantec.com/SUPPORT/num.nsf/docid/2003082109055811>
>>
>> ----quote----------------------------
>>
>> Are Macintoshes affected by mass-mailing viruses or worms?
>>
>> Situation:
>> You were told or you suspect that your Macintosh is infected with a
>> mass-mailing virus, such as Sobig, Klez, Bugbear, Aliz, Goner,
>> Badtrans, Sircam or Nimda.
>>
>> Solution:
>> To date, there is only one known mass-mailing worm that can infect
>> the Macintosh. This worm, known as Mac.Simpsons@mm, is an AppleScript
>> worm that can infect a Macintosh running Mac OS 8 - 9 and cannot
>> infect Mac OS X. Norton AntiVirus for Macintosh versions 5 through 9,
>> with virus definitions dated July 2001 or later, can detect this worm.
>>
>> Some Windows-specific mass-mailing email worms exploit a
>> vulnerability in the Windows versions of Microsoft Outlook and
>> Outlook Express. The Macintosh versions of Microsoft Outlook Express
>> and Entourage do not have this vulnerability.
>>
>> ---- end quote----------------------------
>>
>> Thing is, there have been (AFAIK) zero reports of the Simpsons virus
>> showing up for years. So, what you've got going there is still a
>> mystery, IMO.
>>
>> [Note: There has been some talk of a mass-mailing Trojan (involving
>> MP3 files) that OS X may be vulnerable to -- but AFAIK, it only
>> exists as a "concept", a "potential" vulnerability.]
>>
>> Mary


_________________________________________________

For information concerning the MUGLO List just click on

           http://muglo.on.ca/pages/members.html#Joinmuglo

Don't forget to periodically check our web site at:

           http://muglo.on.ca/
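
Added example, not part of the original post or of Intego's release: a Python heuristic that parses a file's ID3v2 header and flags executable-container magic numbers inside the tag body, which is where the release says the Trojan's code is carried. The signature list, the function names and the sample bytes are assumptions constructed for illustration.

```python
import struct

# Assumed signature list (not from the advisory): magic numbers of common
# executable containers. A hit is a lead for manual review, not a verdict.
EXEC_MAGICS = {
    b"Joy!peff": "PEF (classic Mac OS / CFM)",
    b"\xfe\xed\xfa\xce": "Mach-O 32-bit big-endian",
    b"\xce\xfa\xed\xfe": "Mach-O 32-bit little-endian",
    b"\xca\xfe\xba\xbe": "Mach-O universal",
}

def id3v2_body_span(data):
    """Return (start, end) offsets of the ID3v2 tag body, or None if no valid tag."""
    if len(data) < 10 or data[:3] != b"ID3":
        return None
    size = 0
    for b in data[6:10]:
        if b & 0x80:            # synchsafe size bytes must keep bit 7 clear
            return None
        size = (size << 7) | b
    return 10, min(10 + size, len(data))   # clamp a size that overruns the file

def scan_id3_for_executables(data):
    """Return sorted (offset, description) pairs for magics found inside the tag."""
    span = id3v2_body_span(data)
    if span is None:
        return []
    hits = []
    for magic, name in EXEC_MAGICS.items():
        pos = data.find(magic, *span)
        while pos != -1:
            hits.append((pos, name))
            pos = data.find(magic, pos + 1, span[1])
    return sorted(hits)

# --- constructed sample files (not real malware, not real music) ---
def _frame(fid, payload):       # ID3v2.3 frame: id, 32-bit size, 2 flag bytes
    return fid + struct.pack(">IH", len(payload), 0) + payload
def _tag(body):
    size = bytes((len(body) >> s) & 0x7F for s in (21, 14, 7, 0))
    return b"ID3\x03\x00\x00" + size + body
AUDIO = b"\xff\xfb\x90\x00" + b"\x00" * 64          # fake MPEG frame
CLEAN = _tag(_frame(b"TIT2", b"\x00Song\x00")) + AUDIO
SUSPECT = _tag(_frame(b"TIT2", b"\x00Song\x00")
               + _frame(b"PRIV", b"Joy!peff" + b"\x00" * 32)) + AUDIO

if __name__ == "__main__":
    for name, blob in (("clean", CLEAN), ("suspect", SUSPECT)):
        print(name, scan_id3_for_executables(blob))
```

Only bytes inside the declared tag are scanned, so a magic number that happens to occur in the audio data after the tag is not reported.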
