16 Feb 2006
The first virus to target Apple's OS X operating system has been identified in the wild.
Leap-A (also known as Oompa-A) spreads via the iChat instant messaging system, forwarding itself as a file called 'latestpics.tgz' to contacts on the infected user's buddy list.
When the file is opened on a computer it disguises itself with a JPEG graphics icon in an attempt to fool people into thinking it is harmless.
"Some owners of Mac computers have held the belief that Mac OS X is incapable of harbouring computer viruses, but Leap-A will leave them shell-shocked as it shows that the malware threat on Mac OS X is real," said Graham Cluley, senior technology consultant at Sophos.
"Mac users should not think it's OK to lie back and not worry about viruses."
Cluley said that his company released a signature file for the virus at midday. Other manufacturers will follow suit, as antivirus researchers from rival companies cooperate on new threats.
Mac users on online forums have denied that the online pest is a worm and instead qualify it as a Trojan. It requires the user to manually download and open the file before a system is infected. Furthermore, users who aren't running on administrator accounts are prompted to enter an administrator password.
None of those facts, however, precludes OSX/Leap.A from qualifying as a worm, Sophos countered. The main difference between a Trojan and a worm is the pest's ability to spread itself.
"OSX/Leap-A is programmed to use the iChat instant messaging system to spread itself to other users. As such, it is comparable to an email or instant messaging worm on the Windows platform," the security provider stated. "Worms are a sub category of the group of malware known as viruses."
Do you agree?
Can NOT Spread Over the NET
OK, I'm late to the comment party but this still needs to be said: Although this Trojan/Worm/Whatever will automatically ASK the buddies on the infected machine's buddy list if they will accept a file transfer, it will only do so if the user has enabled Bonjour and will only do so via the Bonjour buddy list. Know what that means? Means it does NOT spread over the internet, just potentially over a LOCAL NETWORK. One other point: Symantec's web site shows the magnitude of this "infection" with this: Number of infected systems: 0-49 How can these little facts fail to make it into this article? How?
Posted by: Wingsy 22 Feb 2006
uh
so any executable file, with a custom icon is now called virus? i mean it LAUNCHES A TERMINAL IF YOU DOUBLE CLICK, ASKING FOR ADMIN RIGHTS! yeah must be a jpeg, i think i'll install that.
Posted by: chris 16 Feb 2006
Yawn
Slow news day. Let us know when a real OS X threat occurs.
Posted by: Treena Williams 16 Feb 2006
splitting hairs
I understand that this virus is actually a trojan, but the concept is what is of concern. Many of the worst exploits of windows systems are similar in that they require user input, often as a user with admin privileges. Most users outside of a controlled environment run as admin, and many users ignore warnings that systems or applications display, even on mac computers. And many users seem to click on content that they are not sure about. So if a malicious file is disguised well, the chances that a user will launch the program/trojan/virus are high. Some bad people don't care what the system is so long as it can run whatever payload they are attempting to distribute, and certainly automated systems that are already infected do not care that the next target system is a sexy, sleek G5. Believing that mac computers or any other systems are not vulnerable to attacks from malicious entities just because the system is 'secure' or not a target is just plain wrong. All machines connected to the internet are at risk and until all users ply the internet with at least a modicum of caution, attacks and vulnerabilities will continue to be propagated. More so on windows systems for now, but don't worry, macs and linux boxes will have their time in the spotlight as well...
Posted by: concerned citizen 16 Feb 2006
It's not a virus
It requires user activation via input of the administrator and is therefore a trojan horse. It is a file masquerading as something else and does not exploit any vulnerabilities in Mac OS X. Safari warns the user upon download of the file that it could be harmful.
Posted by: hoppo629 16 Feb 2006
What damage?
In order for it to be qualified as a virus, it has to do damage to your system. This article failed to describe the type of damage it does, so therefore it is hard to believe the claim that is presented here.
Posted by: Viviana Wong 16 Feb 2006
Self-serving FUD
More self-serving FUD from an anti-virus software company. If they can't find a real security exploit, create something that resembles one and call it a "virus" so that they can justify the sale of their anti-virus software.
Posted by: WindozeBloze 16 Feb 2006
NOT A VIRUS! Quit spreading more FUD!
A virus spreads by itself, a trojan house, however, this could be categorized. Open up a dictionary.
Posted by: mv2005 16 Feb 2006
Just self serving fud...
Please.... This so called "virus" is nothing more than a Unix shell script where someone has pasted the icon for a jpeg on in the Get info dialog and then sent it to someone else via iChat.
Posted by: yea baby... 16 Feb 2006
virus?
http://en.wikipedia.org/wiki/Computer_worm http://en.wikipedia.org/wiki/Trojan_Horse_%28Computing%29 Read the facts. Not that wikipedia is all facts but most of it's pretty legit.
Posted by: a 16 Feb 2006
dumb***
You need a dictionary to spell "horse" correctly.
Posted by: Airtight Granny 16 Feb 2006