Thursday’s Thriller

All the news that's fit to rant aboutTech news time!

It’s Gautama Buddha’s birthday. Have a drink at the Buddha Bar to celebrate.

Don’t bug me, I’m busy simulating asteroid impacts.

  1. The first Mac OS X trojan horse has been spotted. VirusBarrier has released updated virus definitions. Nothing yet from Norton or Virex. According to Intego, the trojan horse, MP3Concept, embeds itself in the ID3 tags of an MP3 then executes when the MP3 is launched. It can delete files, spread itself via email, and infect other media files. The trojan could spread via online music sharing as infected MP3s. Thanks to Rick Yaeger of MacMerc for the tip on this one.

  2. And on the Windows side of the aisle, new variants of Netsky are proving more virulent than in the past. Netsky.t and .u open a backdoor over TCP port 6789 on infected machines, allowing a hacker to return and put more malware on your system. Nothing new for Bagle, which has included a similar backdoor since day one.
  3. Yodel along with me now… Yahoooooo! Despite being downgraded by a red-faced analyst earlier this week, the company’s stock climbed to a three-year high on news that the Yahoo’s quarterly profit had doubled and ad-sales were strong. A two-for-one split is in the works. Internet advertising is back in a big way with online spending projected to soar to $8.6 billion in 2005. Blackberry manufacturer RIM also announced a twofer split. Let’s party like it’s 1999! Well, unless you work for Vulcan Ventures, that is.
  4. PalmOne is having trouble getting IC drivers for the LCDs in the Treo 600. CFO Judy Bruner says they have enough parts to get through the quarter, but the future is cloudy for the popular smartphone. Seems LCD TV vendors are hogging all the parts.
  5. Diebold screwed the pooch. Again. 2,821 absentee ballots were miscounted in San Diego during last month’s California primary.
  6. Scientists have found the oldest known pet cat in a 9,500-year-old grave site on the Mediterranean island of Cyprus.

18 Replies to “Thursday’s Thriller”

  1. Since you no longer work for TechTV are you now eligible to win the LAN party computer giveaway. If you are we should arrange it so that you are the only entry one week.

  2. Sorry to see you leave. I have learned everything I know about Computer’s from you.
    Thank you for that. Hope you return to TV again.
    Best Wishes
    Carol

  3. Re: the Mac “virus” (as some here are calling it).
    First, it’s not a virus. It doesn’t self-propagate. It is a trojan horse – ie: a program that masquerades as one thing, but turns out to be something else). It’s very easy to write a trojan on any platform. Write something (in your language of choice) that displays “Hah! Got you!” on the screen. Rename this program to a different filename, let’s say “explorer.exe” or “Safari.app” and give it to a friend. Congratulations, that’s a Trojan.
    Now that we’ve established that, here are the details on the new OS X “trojan”:
    It’s not malicious. It is a proof of concept from a discussion that took place on Usenet. The details can be found here: http://apple.slashdot.org/comments.pl?sid=103394&cid=8808324 and here: http://apple.slashdot.org/comments.pl?sid=103394&cid=8808411 and the original discussion that started it all: http://groups.google.com/groups?hl=en&lr=&ie=UTF-8&oe=UTF-8&safe=off&frame=right&th=631707378ffe9292&seekm=blgl5D750C.02150821032004%40news.bahnhof.se#link6
    In layman’s terms, this is not an MP3 file. It’s a full-fledged application that contains MP3 data. If you double-click on the trojan, it runs as if it were any other application, and also opens iTunes itself, so that it *appears* to be a regular MP3. The trojan stores some of its code inside an ID3 tag, but make no mistake: It’s not an “infected” MP3, and iTunes doesn’t execute code inside MP3s when you open them. It opens iTunes, not the other way around.
    Really, I think that the anti-virus company should be ashamed of itself. From their news release, it sounds like it’s all doom-and-gloom, until you notice that they say the trojan has the “potential” to do all of this stuff.
    Now sure, somebody *could* write a true trojan that could do all sorts of nasty stuff. Is this it? No.

  4. Oh, one other thing re: the OS X trojan horse.
    From what I understand, the executable bit of this program is stored in the “resource fork” of the file. What does this mean? Well, you can’t get this trojan by simply downloading an MP3 from somewhere off the net. Why? Because Macs are the only systems out there that use resource forks in their files. When a Mac file is transferred to a PC/Linux box, the resource fork is thrown away, leaving only the data behind. In order to *preserve* the resource fork, you must first compress the file with StuffIt or some other Mac-friendly archiving tool. Zipping it won’t do, neither will tar/gz.
    So… unless you’re in the habit of downloading MP3s with the file extension “.SIT”, I wouldn’t worry. 🙂

  5. Hrm. Just got word back from Intego – I asked them for more details as to what was the deal with the trojan. The sales guys said it was benign, but they made the announcement and added it to their list as a precaution, whereas the support people painted a picture of it infecting MP3s. Wish they’d make up their minds. 🙂

  6. Leo,
    Hope to see you back on television soon…I have a feeling you won’t be unemployed long…fight the good fight…

  7. Cheer up Leo. Things aren’t all bad. You’ll be back before you know it, or have a job twice as good. Take this time as a well deserved vacation. My cell phone went for a swim yesterday in the pocket of my shorts. I got it to work, it just won’t send or receive calls. other than that it’s fixed. I could care less things are looking up. I’m drinking soda, downloading music, and life is good. Seriously I hope you do get back on the channel soon. You are needed very much even if you don’t feel like it. I might have some free time myself soon. Good luck with your tan!

  8. I know, Nihaochan. Just some good natured ribbing. 🙂 We’re all pals here at Leoville. It’s like Pleasantville, only nicer…

  9. One good thing I can see from your departure from TechTV is you are keeping this site more up to date than you use to. And that is always a good thing!!

Comments are closed.