Intego warns of second Trojan Horse; Apple, MS respond

For the second time in just over a month, Macintosh security company, Intego has issued an advisory warning customers of a Trojan Horse (AS.MW2004.Trojan) on Mac OS X. The latest advisory, posted to the company's Web site on Wednesday, warns of a Trojan Horse downloaded from the LimeWire peer-to-peer network -- the file had an icon that appeared to be an installer for Microsoft Office 2004. Microsoft warned users of downloading from sources other than them and analysts even question using the term "Trojan" for the advisory.

"This so-called Trojan horse demonstrates the dangers of file trading and downloading files from untrusted sources," Joe Wilcox, senior analyst for Jupiter Research, told MacCentral. "I say so-called because this file appears to be nothing more sophisticated than a simple AppleScript. Calling it a Trojan is a long stretch of the word's meaning."

British publication, Macworld UK , alerted Intego to the Trojan Horse earlier today after a reader reported downloading the file from LimeWire. When the reader double-clicked the file it apparently wiped out his entire Home Folder. Intego reports the Trojan Horse is a 108 KB self-contained AppleScript applet.

In a statement given to MacCentral today, Microsoft said that while the company is committed to ensuring a reliable computing experience, Mac users should only install Office 2004 from a retail CD.

"When looking for product enhancements from Microsoft, customers should always download from www.microsoft.com or through the new AutoUpdate tool in Microsoft Office 2004 for Mac," said Mary Starman, Lead Product Manager, Microsoft Macintosh Business Unit.

The reader was reportedly on LimeWire "in the hope that perhaps Microsoft had released some sort of public beta" of the as yet unreleased Office 2004.

"Good security is as much about behavior as it is technology. Anyone downloading software from file trading sites takes unnecessary chances, said Jupiter's Wilcox. "Apple offers an excellent legal music service. Mac users that traffic P2P networks, were illegal music files are traded, take unnecessary risks.

Intego issued their first Mac OS X Trojan Horse warning on April 8, 2004 in what turned out to be a proof-of-concept and not a real threat to Macintosh users.

In a statement this evening, Apple, like Microsoft warned its users of the dangers of downloading software from unknown sources.

"This is not a virus, does not propagate itself and has only been found on a peer to peer network," said Apple in a statement given to MacCentral. "This is an example of the perils of seeking illegal software."

Update:
Wednesday, May 12, 2004 8:00 pm ET -- added statement from Apple

This story, "Intego warns of second Trojan Horse; Apple, MS respond" was originally published by PCWorld.

  
Shop Tech Products at Amazon