Trojan horse fouls Mac site

Some Mac users who visit the "Info-Mac" archive and download a program get a rude surprise.

2 min read
An obscure new program that can prevent programs from running and otherwise create havoc has been discovered by some unfortunate Macintosh users.

Some Mac users who visited the "Info-Mac" archive of Mac software and downloaded a program promising to speed up the display of computer graphics were unpleasantly surprised to find that it actually caused some program menus to display random text and that it prevents some programs from running at all, according to users posting messages on the widely read Macintouch Web site.

The "Trojan horse" program, called "Graphics Accelerator," was available on a site hosted by an MIT Web server but appears to have been removed. Unlike a virus, Trojan horses do not spread to other computers, but they can still seriously damage the PC with malicious code that is hidden in an executable program that must be downloaded by the user.

The program doesn't appear to have affected large numbers of users, but many are still vulnerable because Graphics Accelerator may still exist on mirrors of the Info-Mac site, and antivirus programs such as Symantec's Norton Antivirus or Network Associates' VirusScan haven't yet been updated to scan for the offending code. Most antivirus programs have to have a list of viruses and programs to look out for before they can prevent damage.

"We are searching for a sample we can get so we can evaluate [the virus] and provide a fix," said Symantec spokesperson Genevieve Haldeman. Users who have encountered the virus can submit the program to Symantec via a special Web site.

Haldeman said updates for the company's Mac antivirus programs are generally made available by the end of each month.

News of the Trojan horse comes after reports of particularly destructive programs called AutoStart Worms that copy themselves as they move from file to file, whether they be on floppy disks, hard drives, removable storage units, or the system's main memory if it is used as a "virtual" disk drive.

They differ from a normal virus in that they don't need to be attached to a program or document to replicate themselves.