Partager via


Trojan horse on the Mac

Intego has a press release on a Mac Trojan Horse here. It seems they are trying frighten people into getting their product and it's likely not a real threat. The details are sketchy though. Whether or not this issue is real, I do think Mac OS X is as vunerable to Trojan Horses than Windows if not more so. There's really not much you can do once a user has double-clicked on an arbitrary executable and let it run. On the Mac, it'll have full access to your address book and can send mail to everyone in it without a whole lot of work. Many Mac users have a somewhat false sense of security in this regard. I hope they don't find out the hard way.

Moved up from feedback area:

It turns out it's a CFM application with a .mp3 extension and icon. The interesting thing is that it's also a valid mp3 file. The cfrg resource just points into an id3 tag, which is ignored by an mp3 player. This means that it can better hide the fact that it's executing code. This makes it slightly more insidious than the rash of these sorts of things on Windows that relied on hiding of extensions to pretend to be a different file type. But, not much more insidious...

Comments

  • Anonymous
    April 08, 2004
    The comment has been removed
  • Anonymous
    April 08, 2004
    Sounds like it's a CFM application with a .mp3 extension and the mp3 icon.
  • Anonymous
    April 08, 2004
    Actually the interesting thing is that it's also a valid mp3 file. The cfrg resource just points into an id3 tag, which is ignored by an mp3 player. This means that it can better hide the fact that it's executing code. This makes it slightly more insidious than the rash of these sorts of things on Windows that relied on hiding of extensions to pretend to be a different file type. But, not much more insidious...