Bad programing and nothing else. The Mac OS can't get a virus unless you give it permission to download. All the vendors of antivirus of course want you to believe otherwise so you will go out and spend your dollars on there useless software.

Bad programing and nothing else. The Mac OS can't get a virus unless you give it permission to download. All the vendors of antivirus of course want you to believe otherwise so you will go out and spend your dollars on there useless software.

What kind of bull is this? Can't get a virus unless you give it permission. There's lots of things that can download without permission. h***, apps do it all the time. Downloads via email occur all the time as well (there, you just need someone to double-click the file).

Bad programming = Mac OS X 10.4 Tiger's iChat application?

To rephrase JHorvatic's post: Some developer(s) dropped the ball when they released iChat, allowing someone to find an exploit (aka vulnerability).

If it's "Bad programing and nothing else," then the user is excluded. Therefore, according to JHorvatic, the problem lies within the Mac OS X 10.4 Tiger's iChat application.

Despite the logic above, I actually know what he's trying to say, and he is correct in that the user should know better. Unfortunately, not all Mac users are as computer/tech savvy or have the common sense to not open files delivered by malware. Also keep in mind that the Mac itself has been known and praised for its ease-of-use. Because of this, Macs have found their way into Special Education (and non-special ed) classrooms, homes, and offices/workplaces where the users are basically technology imbeciles. These are the types of Mac users who will fall for the techniques employed by malware of any kind, and on any platform.

OK, so I'm a power user, perhaps a guru; but I could have fallen victim to this exploit because of my curiosity about the latest and greatest. I might've questioned the format of the file; so, there but for the grace, I say. The difficulty is knowing what's going to kill your system or no. Heck, Apple's yanked updates because of some problem or another. The more cautious among us will wait and see what happens to some other poor schmos before applying an update; the rest? Well, someone's gotta be first. I wouldn't be too hard on the users, its people without conscience that concern me. Further, I remind everyone that if your computer is on any network it is vulnerable to attack.

It worms around in your machine like a damn slinky, but it gets there through SOCIAL ENGINEERING. It's both a traditional trojan in entry and a worm internally, because it doesn't just execute a single command per click but exhibits the similarity to life that created the whole 'virus' (biological) 'computer' (engineering) metaphor. It's a tworm. There still are no viruses, trojans, or worms...just tworms

You would be wrong to agree with Sophos. It can't self-propogate. To activate the first requires the user to launch it. How is that *self*-replicating?

While it's clever how it can insert itself into application bundles, it doesn't actually modify the application files itself (remember, an application is a bundle of files, not just one big file).

This is a trojan plain and simple. Sophos just wants to sell software.

You would be wrong to agree with Sophos. It can't self-propogate. To activate the first requires the user to launch it. How is that *self*-replicating?

While it's clever how it can insert itself into application bundles, it doesn't actually modify the application files itself (remember, an application is a bundle of files, not just one big file).

This is a trojan plain and simple. Sophos just wants to sell software.

I would still be correct to agree with Sophos. While you pointed out that I used "self-propagate," I will have to agree that I incorrectly stated that. What I should have noted is that the OSX/Leap-A Worm has the ability to spread itself to others in the user's iChat buddy list once the user has activated the file. So, "self-propagate" may not be the correct use, however, "replicate" would be better. I stand corrected in terms of word-usage, but not in categorizing this malware as a worm.

OSX/Leap-A's replication ability is what qualifies it as being a worm.

Not all Mac users are smart. Many are as dumb as windows users, but because they are using macs, they aren't nearly.

If Apple doesn't take this seriously, and by seriously I mean closing the hole, then it could be their first mistake to showing that OSX and it's users can be easily... fooled.

Apple already fixed any problems. I seriously doubt even the dumb users would be fooled: it askes for your admin password to open a jpeg. Do you know how many "dumb" users even know their user password?

Joee- Dude, DO YOU REALLY THINK REGULAR STUDENTS, MUCH LESS SPECIAL ED STUDENTS, ARE GOING TO KNOW THE ADMINISTRATOR'S PASSOWORD? That is the exact reason passwords exist in the first place This isn't a serious threat, stop trying to make it seem like it is.

Taken from Intego's website:

Does this Trojan horse indicate its presence by asking for an administrator’s password? No. This Trojan horse installs a file in a user’s Library/InputManagers folder if the user is not logged in as root. If the user is root, it installs itself in the system folder of the same type, /Library/InputManagers.

Unfortunately, Intego still refers to this Leap-A as a Trojan.

Okay, I've post this next part in the other discussion regarding Inqtana-A, but I feel you all need to read this as well: --- Intego categorizes Leap-A as all three, but primarily a Trojan. Apparently, their R&D department has a different idea of malware structure than most of the other major a/v vendors.

It seems that Intego's primary focus is protection for the Mac OS X platform. Given the high level of security OS X provides the end-user, it would seem that any a/v vendor, including Intego, would have a hard time finding a real challenge in terms of malware. In light of these two worms, there will be variants written and released. Intego needs some exercise, after all. I now have this picture in my head of Intego sitting right beside the Maytag repair man just twiddling their thumbs...

My point is that the a/v vendors that support the Windows platform are out there everyday fighting new variants of existing malware, as well as new & original threats. Their R&D teams are constantly thinking up new ways to combat and cover up many vulnerabilities found in WinOS. They are all in agreement to the hierarchy of malware structure. Intego, on the other hand, still recognizes that there is worm code, but places more emphasis on the payload (actually carried by the worm). What they do not acknowledge is that the payload (executable) will never be offered to the iChat user unless it is FIRST delivered to the user. First, and foremost, Leap-A is a worm (with a payload). ---

Just wonder how many people use Bonjour iChat? Since this is the only way the latestpics.malware can be spread.