In the wake of last week’s announcements regarding the appearance of a Trojan Horse-style application that could potentially be used to infect a Mac OS X-based system, OpenOSX has released TrojanDefuser, a free application that provides drag-and-drop disinfection of potentially vulnerable files. You can download it from the OpenOSX Web site.
The Trojan Horse in question, called “MP3Concept” or “MP3Virus.Gen,” hasn’t actually been used as an infection vector yet, but it has been developed to show one possible way such software might be abused to infect Mac systems, by disguising an application to look and act like an MP3 file.
Security software maker Intego highlighted the vulnerability last week when it updated its own VirusBarrier software to detect the Trojan. The news prompted Apple to note that it was looking into the issue. Norton Antivirus maker Symantec followed suit by the end of the week, acknowledging the existence of the software and offering to update the virus definition file of its own product, but said that it has yet to see MP3Concept or any variation actually “in the wild,” or spreading by malicious intent.
OpenOSX’s TrojanDefuser application works by making a copy of the potentially suspect file without a resource fork, prefixing the file’s name with “SAFE_.” The original file is left intact. OpenOSX said it has developed the TrojanDefuser software to work for variations of the same concept embedded in various file types in addition to MP3 files.
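The copy-without-resource-fork approach described above can be sketched as follows; this is an added example, not OpenOSX's code. It assumes macOS exposes a file's resource fork at `<file>/..namedfork/rsrc`, and the function names are hypothetical.

```python
import os
import shutil
import tempfile

SAFE_PREFIX = "SAFE_"  # prefix named in the article


def resource_fork_size(path):
    """Return the resource fork size in bytes, or 0 if there is none.

    Assumption: macOS exposes the fork at <file>/..namedfork/rsrc. On other
    systems that path does not resolve, so this returns 0.
    """
    try:
        return os.path.getsize(os.path.join(path, "..namedfork", "rsrc"))
    except OSError:
        return 0


def defuse(path):
    """Copy only the data fork of `path` to SAFE_<name> in the same directory.

    Returns (safe_path, resource_fork_bytes_left_behind). The original file
    is left intact, as the article describes.
    """
    directory, name = os.path.split(os.path.abspath(path))
    safe_path = os.path.join(directory, SAFE_PREFIX + name)
    left_behind = resource_fork_size(path)
    # Ordinary read/write I/O touches only the data fork, so the copy gets
    # no resource fork. Mode "xb" refuses to overwrite an existing copy.
    with open(path, "rb") as src, open(safe_path, "xb") as dst:
        shutil.copyfileobj(src, dst)
    return safe_path, left_behind


if __name__ == "__main__":
    # Constructed sample file standing in for a suspect download.
    workdir = tempfile.mkdtemp()
    sample = os.path.join(workdir, "song.mp3")
    with open(sample, "wb") as f:
        f.write(b"ID3\x03constructed sample data")
    safe, left_behind = defuse(sample)
    print(f"{safe}: left {left_behind} resource-fork bytes behind")
```
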
OpenOSX is offering TrojanDefuser to Mac users free of charge; the software is being distributed under the GNU General Public License (GPL).