Mac Trojan Horse a No-Show
Intego, a French security company that warned of the first trojan horse-style virus for Mac OS X, has been criticised by developers and security experts for raising an unnecessary false alarm. Intego failed to mention that the virus was engineered as a "proof-of-concept" and that there are as yet no instances of it in the wild, meaning no computers have been infected. (Via Wired News)
The virus works by adding two resources to an MP3 file, embedding the malicious code in the file's ID3 tag (the part of an MP3 where title, artist, genre and so on are normally stored) and telling the cfrg resource to point to that code. In this way, a virus writer could distribute a trojan horse that would activate as soon as the file was opened (double-clicked) in the Finder. There would, however, be no risk from loading the file into iTunes or any other MP3 player and playing it. The technique could theoretically be extended to JPEGs or GIFs as well.
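A defensive check for the technique described above, as an added example that is not part of the original post: it walks an MP3's ID3v2 tag and reports any frame that contains the start of a PEF code container. The PEF signature, the function names and the sample bytes are assumptions; the post does not say what format the embedded code took.

```python
import struct

# Assumption (not stated on the page): the embedded code is a PEF container,
# the code-fragment format cfrg resources normally point to ('Joy!' + 'peff').
PEF_MAGIC = b"Joy!peff"

def syncsafe(b):
    """Decode a 4-byte ID3v2 syncsafe integer (7 usable bits per byte)."""
    return (b[0] << 21) | (b[1] << 14) | (b[2] << 7) | b[3]

def scan_id3v2(data):
    """Return [(frame_id, file_offset)] for each place the ID3v2 tag holds PEF magic."""
    if len(data) < 10 or data[:3] != b"ID3" or any(x & 0x80 for x in data[6:10]):
        return []  # no well-formed ID3v2 header
    major = data[3]
    end = min(10 + syncsafe(data[6:10]), len(data))
    hits, pos = [], 10
    while major in (3, 4) and pos + 10 <= end:  # walk v2.3/v2.4 frames
        frame_id, raw = data[pos:pos + 4], data[pos + 4:pos + 8]
        if not frame_id.isalnum():  # padding or garbage ends the frame list
            break
        size = syncsafe(raw) if major == 4 else struct.unpack(">I", raw)[0]
        body_end = min(pos + 10 + size, end)
        off = data.find(PEF_MAGIC, pos + 10, body_end)
        if off != -1:
            hits.append((frame_id.decode("ascii"), off))
        pos = body_end
    # Padding, or a tag version not walked above, is searched as one region.
    off = data.find(PEF_MAGIC, pos, end)
    if off != -1:
        hits.append(("<unparsed>", off))
    return hits

def make_tag(frames, major=3):
    """Build a constructed ID3v2 tag from (frame_id, body) pairs for the demo."""
    body = b"".join(fid + struct.pack(">I", len(b)) + b"\x00\x00" + b for fid, b in frames)
    n = len(body)
    size = bytes([(n >> 21) & 0x7F, (n >> 14) & 0x7F, (n >> 7) & 0x7F, n & 0x7F])
    return b"ID3" + bytes([major, 0, 0]) + size + body

# Constructed samples: a normal title frame, and one with PEF magic in a comment.
TITLE = (b"TIT2", b"\x00Song title")
CLEAN = make_tag([TITLE]) + b"\xff\xfb" + b"\x00" * 32
SUSPECT = make_tag([TITLE, (b"COMM", b"\x00eng\x00" + PEF_MAGIC + b"\x00" * 16)]) + b"\xff\xfb"

if __name__ == "__main__":
    print(scan_id3v2(CLEAN), scan_id3v2(SUSPECT))
```

A hit only means the tag deserves a closer look; on a Mac the file's resource fork would also need checking for the cfrg resource the post mentions.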
Addendum: Adam Engst has written an excellent overview of the virus and its aftermath in today's TidBITS.
Posted by Tom on April 13, 2004
