02/16/2006, 5:45pm, EST
Thursday, February 16th
Vendors respond to new Mac OS X worm
While Sophos says it is continuing to examine OSX/Leap-A and will issue further information shortly, its customers have been automatically protected against the worm since early morning on February 16, 2006. The company's website says the prevalence is low, despite the media attention to the new worm.
Mac security specialist Intego said that it offers protection through its VirusBarrier antivirus program. The newly discovered "Oompa-Loompa Trojan horse," also called OSX/Oomp-A or Leap.A, affects Macintosh computers running Mac OS X on PowerPC processors, but does not delete files, according to Intego. The software, however, does replicate itself by sending itself to users' iChat buddies and infects applications on computers where it runs, enabling those applications to in turn spread the virus. The company said it updated its virus definitions on February 14 to provide protection.
Meanwhile, users can protect themselves by turning off the option to automatically accept files via iChat, according to Symantec.
"This first Macintosh OSX threat is an example of the continuing spread of malicious code onto other platforms," said Vincent Weafer, senior director at Symantec Security Response. "However, this worm will not automatically infect, but will ask users to accept the file, giving potential victims a heads up and the opportunity to avoid infection. The important piece of advice for any iChat users running OSX 10.4 is not to accept file transfers, even if they come from someone on a buddy list."
Filed under: troubleshooting
This is in no way a virus or a worm. It cannot spread without user intervention each step of the way, and it cannot run without tricking a user to run it.
It's a trojan horse, plain and simple. MacOS X still has no known virus.
That's not to say users shouldn't be careful. Although in this case, simply running "Get Info" on the attachment after decompressing it would reveal that it was not a JPEG as it pretended to be.
I seem to recall a while back there was a bogus mp3 file going around that was actually an application. I remember Sophos, Symantec and the rest of the AV vendors saying the same crap: "Mac users have been smug," "The virus threat is real," etc.
And I don't remember the details, but I'm sure there was one other "first virus" before that.
My two cents: It IS malware, but it is NOT a virus or even a trojan horse. It's a worm that's not self-installing or truly self-propagating.
Throw away your cycle-hogging space-consuming, memory-wasting anti-virus apps and buy yourself something actually useful for the Mac.
Oh and I noticed that the line "Many Mac users have been somewhat smug about the existence of virii for the Mac" was not attributed to anyone... what the heck MacNN?! Shame on you for writing such a ridiculous line. Whose side are you on anyway? Or will we see the official MacNN anti-virus app soon?
OK, except that's wrong. Any program can self-install, depending where it wants to install. Hell, a program can be copied into your documents folder without a password. Then set it up as a startup item. Bing/bang/boom. It all works.
Oh, and if you read the descriptions, you'd know that admin users don't get prompted for a password.
"This is in no way a virus or a worm. It cannot spread without user intervention each step of the way, and it cannot run without tricking a user to run it."
And that's what most Windows 'viruses' that you all mock are. Emailed programs that require the user to open. But it doesn't stop you all from saying they're loaded with viruses.
And you say it requires user intervention each step of the way. What steps are you talking about? I count two. One to download. Two to 'open' the jpeg. Wow, you make it sound like buying a house is easier than to get this to install.
"That's not to say users shouldn't be careful. Although in this case, simply running 'Get Info' on the attachment after decompressing it would reveal that it was not a JPEG as it pretended to be."
Yeah, and the same can be said on Windows. But how many computer users are actually going "Hey, let me make sure this isn't an application". Because Windows users apparently don't do it at all, and I doubt there's many Mac users who do it either.
You are tiresome. But I am not tired yet.
Louzer has a point. This thing CAN infect a Mac without an admin password, thanks to its chosen method of installation.
What that means is that we'll all have to stop running as admin on a regular basis, at least until Apple patches this thing, and probably for good.
That said, there STILL aren't any actual viruses for Mac OS X - but we do still hafta keep our eyes open for the bad stuff!
It has replication ability. No Trojans have this ability, nor will you find this ability stated in any sound definition of 'Trojan.' Therefore, it is a Worm.