updated 05:45 pm EST, Thu February 16, 2006
Vendors respond to threat
Three major anti-virus vendors today responded to the newly circulating Mac OS X worm. Symantec today said that it has provided users of its security/virus products with protection (new definitions) against the new worm, which targets Mac OS X 10.4. The company currently categorizes the OSX.Leap.A virus as a Level 1 threat (on a scale of 1 to 5, with 5 being most severe). Many Mac users have been somewhat smug about the existence of virii for the Mac, but French anti-virus vendor Sophos says it is very real. "Some owners of Mac computers have held the belief that Mac OS X is incapable of harboring computer viruses, but Leap-A will leave them shellshocked, as it shows that the malware threat on Mac OS X is real," said Graham Cluley, senior technology consultant for Sophos. "Mac users shouldn't think it's okay to lie back and not worry about viruses."
While Sophos says it is continuing to examine OSX/Leap-A and will issue further information shortly, its customers have been automatically protected against the worm since early morning on February 16, 2006. The company's website says the prevalance is low, despite the media attention to the new worm.
Mac security specialist Intego said that it offers protection through its VirusBarrier antivirus program. "he the newly discovered "Oompa-Loompa Trojan horse," also called OSX/Oomp-A or Leap.A, affects Macintosh computers running Mac OS X on PowerPC processors, but does not delete files, according to Intego. The software, however, does replicate itself by sending itself to users' iChat buddies and infects applications on computers where it runs, enabling those applications to in turn spread the virus. The company said it updated its virus definitions on February 14 to provide protection.
Meanwhile, users can protect themselves by turning off the option to automatically accept files via iChat, according to Symantec.
"This first Macintosh OSX threat is an example of the continuing spread of malicious code onto other platform," said Vincent Weafer, senior director at Symantec Security Response. "However, this worm will not automatically infect, but will ask users to accept the file, giving potential victims a heads up and the opportunity to avoid infection. The important piece of advice for any iChat users running OSX 10.4 is not to accept file transfers, even if they come from someone on a buddy list."