The first reported malicious code to target Apple’s Mac OS X operating system, a potentially damaging Trojan horse computer program, is serving as both a validation of the platform’s security and a warning that more may be coming.
Announced by Mac security vendor Intego, the Trojan horse, dubbed MP3Concept or MP3Virus.Gen, exploits a weakness in Mac OS X where applications may appear to be other types of files, Intego reported.
The malicious code, or malware, is encapsulated in the ID3 tag of a digital music file, a type of file heavily used with Apple’s popular iTunes online store and iPod player. While it is capable of playing music to help fool the user, the file is actually a hidden application that can run on any Mac running OS X, Paris-based Intego said.
Security experts agreed that the lack of antivirus software and awareness on the part of Mac users could leave the alternative computing community at risk of an attack. However, they also agreed that, with so few previous Mac viruses and so few targets compared to the Windows population, the Mac OS X operating system remains more secure.
“Do we need Mac users to get to the same level of awareness as PC users? The answer is no,” iDefense director of malicious code Ken Dunham told TechNewsWorld. “The issue is the level of threat is not as great, not for Mac users.”
Intego First Alert
Intego, which provides antivirus and other security protections to Mac users with its VirusBarrier software, said MP3Concept tricks the user by showing the malicious application as an MP3 file, complete with icon and extension.
If users double-click the MP3 as they would a typical music file, the hidden code is launched on the Mac and, although it plays the music contained in the file, it can damage or delete files, according to Intego.
“While the first versions of this Trojan horse that Intego has isolated are benign, this technique opens the door to more serious risks,” said a company security alert, which added the Trojan had the potential to delete all of a user’s files, e-mail itself to others and infect MP3, JPEG, GIF or other QuickTime files.
Dunham, who referred to code in his lab that purports to be Mac malware but has not been tested since security demands more focus on Windows, said any new Trojan for Mac OS X is noteworthy because there have been virtually no previous assaults on the platform.
“We may see problems in an area where we haven’t seen them before,” Dunham said.
Mac More Susceptible?
Since there have been so few viruses and worms that target Mac computers — the AutoStart worm that caused sharp but temporary pain for users is among the only ones that stand out in recent history — antivirus programs for Mac OS X are somewhat lacking both in availability and deployment.
“The conditions are more ripe in the Mac domain than it would be in others from the user not expecting it or being gullible,” Dunham said. “What it means is if a traditionally safe platform becomes hostile, it could be extremely hostile in the early stages of an attack.”
Forrester analyst Jan Sundgren told TechNewsWorld that with far fewer vulnerabilities and viruses than Windows, Mac users could be in danger with their guard down.
Not a Popular Target
However, Sundgren downplayed the threat, adding that Mac OS X is not nearly as popular a target for attackers who are looking to get an “explosive outbreak.”
Dunham, who said PC users from the home environment and up must be aware of and using security measures including firewall, antivirus and aversion to attachments, indicated that Mac users are still in a more secure environment.
“These users are going to not be as sieged as Windows users,” Dunham said. “They don’t have to worry about the concerns of PC users.”
Apple responded to the Intego security warning and said it is trying to address the issue quickly. “We are aware of the potential issue identified by Intego and are working proactively to investigate it,” Apple said.
“While no operating system can be completely secure from all threats, Apple has an excellent track record of identifying and rapidly correcting potential vulnerabilities,” the company added.