On Fri, 2004-04-09 at 19:21, James Devenish wrote:
> In message <[EMAIL PROTECTED]>
> on Fri, Apr 09, 2004 at 06:32:24PM +1000, Onno Benschop wrote:
> Yes (though I only tried this under Linux/Pentium).
>
> > *and* code executes that does something else,
>
> I haven't tried this under Mac OS X.
>
> > > From examining this file, I see that it contains a GEO "general
> > > encapsulated object" that itself encapsulates a PowerPC PEF header (Mac
> > > OS 9 executable) with filename "virus.mp3" -- the same as the existing
> > > file. Perhaps iTunes extracts the GEO, overwriting the original
> > > virus.mp3 in the process?
> >
> > If that is the case, we're talking about an iTunes exploit, not a
> > Trojan.
>
> Not necessarily. iTunes would not be executing the code itself -- it
> might merely be following a liberal interpretation of ID3 (eek!). While
> this would be a misfeature in iTunes, the malicious binary would
> actually be launched by the Finder.
Yeah, except that iTunes is the one making the .mp3 into an executable.
> Thus, if ID3 provides a sanctioned
> way to initiate the extraction of arbitrary files hidden within music, I
> would think it to be an example of the Trojan Horse phenomenon.
Yup, but my understanding of the ID3 definition is that it contains
meta-data like artist, name, album etc. There should be no "extraction"
required to get this stuff out. Merely from this byte, or from this
delimiter to this delimiter is the name of the artist.
I wouldn't have thought that the ID3 definition had any means of
packaging anything - unless iTunes decided that it would be cool to say
that from this byte to this byte is a compressed image that can be
extracted as a separate file, in which case the guy who thought of that
is a moron.
> It would
> be possible, for example, for a cracker to insert malicious code into
> other people's audio files as part of website defacement.
And it would be pretty subtle too, evil...
> Although
> Trojans are by their definition (hmm...what definition?)
Here are some :-)
"The Collaborative International Dictionary of English v.0.48"
Trojan horse Tro"jan horse`, n. from the incident described
in Homer's Iliad.
1. (Classical mythology) a large hollow wooden horse built by
Greek soldiers besieging Troy during the Trojan War, and
left as a "gift" when they pretended to abandon their
seige. It was taken into the city by the Trojans, and
Greek soldiers concealed inside came out and opened the
gates to the city, enabling the capture of the city by the
Greeks.
RP + PJC
2. Hence, any thing or person which appears harmless but is
designed to destroy or attack from within. It may
sometimes refer to a group; -- see also fifth column.
RP + PJC
3. (Computers) A computer program designed to evade the
security precautions within a computer system and perform
illicit operations, or to do malicious damage, and often
designed to look like a different kind of program, such as
a game, archiver, or directory lister. This term is not
applied to a program that replicates itself, such as a
virus.
RP + PJC
"The Collaborative International Dictionary of English v.0.48"
fifth column fifth` col"umn, n. from a statement during the
Spanish Civil War (1936) that the Falange had four columns of
soldiers marching on the city, and a fifth column "already
there" (i.e. sympathizers inside the Republican lines).
1. a group of persons inside the battle lines of a territory
engaged in a conflict, who secretly sympathize with the
enemy, and who engage in espionage or sabotage; --
sometimes also referred to as a trojan horse.
RP
2. Hence, any faction of persons within a group who secretly
sympathize with an enemy, especially those who engage in
activities harmful to the group; an enemy in one's midst;
a group of traitors.
RP
"WordNet (r) 2.0 (August 2003)"
Trojan horse
n 1: a subversive group that supports the enemy and engages in
espionage or sabotage; an enemy in your midst syn:
fifth column, Trojan horse
2: a program that appears desirable but actually contains
something harmful; "the contents of a trojan can be a
virus or a worm"; "when he downloaded the free game it
turned out to be a trojan horse" syn: trojan
3: a large hollow wooden figure of a horse (filled with Greek
soldiers) left by the Greeks outside Troy during the
Trojan War syn: Trojan Horse, Wooden Horse
"The Free On-line Dictionary of Computing (19 Sep 2003)"
Trojan horse
(Coined by
MIT-hacker-turned-NSA-spook Dan Edwards) A malicious,
security-breaking program that is disguised as something
benign, such as a directory lister, archiver, game, or (in one
notorious 1990 case on the Mac) a program to find and destroy
viruses! A Trojan horse is similar to a back door.