TMO Reports - New Mac Trojan Horse Found; Protection Update Released [Updated]

by , 6:30 PM EDT, May 12th, 2004

A new Trojan Horse for Mac OS X, masking itself as a Microsoft Office 2004 installer, has been found, and updated definitions to protect for it have been released in less than 48 hours by Macintosh security company, Intego.

The new Trojan Horse - named AS.MW2004.Trojan - was first reported by British publication Macworld UK on Wednesday after being alerted by a reader who reportedly downloaded a file via the LimeWire peer-to-peer network. The file had an icon that appeared to be an installer for Microsoft Office 2004. When the reader opened the file, it reportedly wiped out his entire Home Folder.

In a online advisory to users of its Virus Barrier product, Intego said the Trojan Horse is a 108 KB, self-contained AppleScript applet.

"It appears to be an installer for Word 2004," Bryan Davis, a spokesman for Intego, told The Mac Observer, Wednesday. "We got the file from MacWorld UK two days ago and in a relatively short amount of time, our engineers were able to update our definitions for this."

A detailed FAQ of the Trojan Horse is available at Intego's Web site. Virus definition updates are available through the NetUpdate feature built into Virus Barrier.

In a statement given to TMO today, Microsoft said that while the company is committed to ensuring a safe and reliable computing experience, it cautioned Mac users to be careful in downloading files from third-party sites.

"Microsoft Office 2004 for Mac should only be installed from retail or site licensed media purchased thru licensed resellers or VARs, where the authentic install icon will be found only in the product install wizard," said Mary Starman, Lead Product Manager, Microsoft Macintosh Business Unit. "When looking for product enhancements from Microsoft, customers should always download from www.microsoft.com or through the new AutoUpdate tool in Microsoft Office 2004 for Mac."

Update: In a statement released Wednesday evening, Apple warned of the dangers associated with software downloading.

"This is not a virus, does not propagate itself and has only been found on a peer to peer network," Apple said in a statement given to TMO. "This is an example of the perils of seeking illegal software."