First Mac OS X virus targets MP3 users

First Mac OS X virus targets MP3 users

PC users who switched to Apple Computer Inc. to enjoy the virus-free Mac OS X environment have just been kicked out of paradise.

A worm has been found in the Apple: a Trojan horse masquerading as an MP3 file and carrying malicious code that can access files.

MP3Concept, or MP3Virus.Gen, was reported yesterday by Intego Inc., a Paris developer of security and privacy software for Apple systems. The code exploits a weakness in Mac OS X that can make applications appear to be other types of files.

Intego reported that the first version of the virus appears benign but that the code could be used to launch attacks.

Clicking on an infected file with an .mp3 extension will actually play music. But clicking also executes code embedded in the ID3 tag of an MP3 file, which usually carries information about the song and artist. When executed, the malicious code can run on any Mac with OS X. The current version displays a screen alert saying, 'Yep, this is an application. So what is your iTunes playing right now?'

The Trojan has resources to point OS X to the malicious application in the ID3 tag. Because those resources are stripped out of downloads from the Internet or other outside networks, the file must be compressed or binhex-encoded to be received from an outside source.

Unless the user is logged on with root access, the malicious code cannot access system files, which are restricted. But it could access personal files and any files on external hard drives with ownership and access permissions turned off.

The technique also could hide viruses in file types such as JPEG, GIF or QuickTime that have similar ID tags.

Intego, which has released the code definition for its VirusBarrier antivirus software, said a sample of the Trojan horse was e-mailed April 6 to the company and also to Apple but does not yet appear to be in the wild.

Apple called the Trojan sample a proof-of-concept exploit.

A security analyst at Gartner Inc. of Stamford, Conn., said the Trojan horse merely points out the obvious, that no operating system is free of flaws.

'People may have had the impression that Mac OS X was invulnerable,' said Ray Wagner, research director for information security strategies.

Although there is a perception that OS X could be more secure because it was developed with security in mind and has received much scrutiny, Wagner said, he believes there are other vulnerabilities waiting to be discovered.

'This specific vulnerability is not a big deal,' he said. 'But it does show the potential.'

Intego said it 'initially hesitated about releasing this information but finally decided it was our responsibility to alert users to the security risk.'

Apple said in a statement it was aware of the problem and was researching it.

"While no operating system can be completely secure from all threats, Apple has an excellent track record of identifying and rapidly correcting potential vulnerabilities," the company said.

About the Author

William Jackson is a Maryland-based freelance writer.


  • Records management: Look beyond the NARA mandates

    Pandemic tests electronic records management

    Between the rush enable more virtual collaboration, stalled digitization of archived records and managing records that reside in datasets, records management executives are sorting through new challenges.

  • boy learning at home (Travelpixs/

    Tucson’s community wireless bridges the digital divide

    The city built cell sites at government-owned facilities such as fire departments and libraries that were already connected to Tucson’s existing fiber backbone.

Stay Connected