It’s finally happened — someone has created a Trojan Horse virus for Mac OS X.
It seems to obvious now that I wonder why someone didn’t do it before:
A Trojan horse, called MP3Concept or MP3Virus.gen, has been discovered that masquerades as an MP3 file. It hides in ID tags of the file and becomes activated when unwary users click on it, expecting to play a digital song.
I wonder how quickly the type/creator advocates out there will pick up on this. The classic Mac OS used tags on files to identify their filetype and creator. OS X has dumped this in favor of file extensions. The problem with this approach is obvious: change the name of an application to blahblah.mp3, and the user assumes it’s an MP3 file rather than an application. (In the classic Mac OS, even if you change the name the icon would still indicate an application file.)
These days the line between file and application have blurred, what with extensions and packages. And that’s a little scary.
Still, I have faith — so far — on OS X security, which would always ask for my password before modifying any system files.