View this article at: http://dev.macnn.com/articles/06/02/16/new.mac.os.x.trojan
Thursday, Feb 16, 2006 1:30pm
New Mac OS X worm discovered
A new malware program for Mac OS X is now circulating on the internet. Ambrosia Software and some avid Mac users have noted what appears to be a new trojan horse for Mac OS X. The program, named "latestpics.tgz," has been confirmed by Internet security software maker Intego and dubbed "Oompa-Loompa" by Ambrosia Software. Once unarchived, the file appears to be a JPEG image, but is in fact an executable PowerPC-compiled program. Once run, the application creates a pristine copy of itself in /tmp as "latestpics," which it later uses to self-propagate via iChat. The malware infects other applications through the InputManager mechanism, inadvertently rendering them useless due to a bug in the malicious code. It uses Spotlight to find the four most recently used applications on the host machine that are not owned by root, then checks whether each of those applications has already been infected.

The program then copies the application executable to its own resource fork, replacing the executable with itself. "In the end, it doesn't appear to actually do anything other than try to propagate itself via iChat, and unintentionally prevent infected applications from running," according to Ambrosia Software. Ambrosia also notes that the program does not exploit any security holes, requires the admin password if the user is not already logged in as administrator, and has a bug in its code which prevents it from working as intended; the bug has the side effect of preventing infected applications from launching. According to Ambrosia, the program "checks to see if the xattr 'oompa' of the application executable is > 0... if so, it bails out, to prevent it from re-infecting an already infected application. If not, it sets the xattr 'oompa' of the application executable to be 'loompa' (this does nothing, it is just a marker that it has infected this app). It then copies the application executable to its own resource fork, and replaces the executable with itself... thus effectively inject[ing] its code in the host application." There is some discrepancy as to whether the program should be labeled a trojan or a virus/worm. Sophos, virus, spyware, and spam analysts, have declared that the program should be classified as a worm or virus, and not a Trojan, because it is programmed to use iChat to spread itself, and Trojan horses do not contain any code to distribute or spread themselves. Ambrosia Software says that it should be called a trojan, not a virus, because it doesn't self-propagate externally.

Trojan or not
Wikipedia defines a Trojan horse as "a malicious program that is disguised as legitimate software... Trojan horse programs cannot replicate themselves, in contrast to some other types of malware, like viruses or worms. A Trojan horse can be deliberately attached to otherwise useful software by a cracker, or it can be spread by tricking users into believing that it is a useful program." The Wikipedia definition states that "a virus is a self-replicating program that spreads by inserting copies of itself into other executable code or documents. A computer virus behaves in a way similar to a biological virus, which spreads by inserting itself into living cells... While viruses can be intentionally destructive (for example, by destroying data), many other viruses are fairly benign or merely annoying. Some viruses have a delayed payload, which is sometimes called a bomb." "In a common parlance, the term virus is often extended to refer to worms, trojan horses and other sorts of malware; however, this can confuse computer users, since viruses in the narrow sense of the word are less common than they used to be, compared to other forms of malware. This confusion can have serious consequences, because it may lead to a focus on preventing one genre of malware over another, potentially leaving computers vulnerable to future damage. However, a basic rule is that computer viruses cannot directly damage hardware, but only software."

Intego offers protection
Intego also issued a warning: "this security threat affects Macintosh computers running Mac OS X on PowerPC processors. Replicating by sending itself to users' iChat buddies, the Oompa-Loompa trojan horse does not delete any files, but infects applications on computers where it runs, enabling those applications to in turn spread the virus." The company says two versions of the intended virus exist, and that its virus definitions have already been updated to combat the threat.
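As an added detection example (not code from the article, Ambrosia, Intego or Sophos), the Python below checks for the artefacts the description gives: a file with an image name whose bytes are actually a Mach-O executable, an application executable whose resource fork begins with a Mach-O header, and the 'oompa' marker attribute. It assumes the macOS xattr command-line tool and the HFS+ "..namedfork/rsrc" path for reading a resource fork; the Mach-O magic values are the standard ones, but the lookup set and the function names are mine.

```python
import subprocess
from pathlib import Path

# Leading bytes of the formats involved (constructed lookup set for this example).
MACHO_MAGICS = {
    b"\xfe\xed\xfa\xce",  # 32-bit big-endian Mach-O: the PowerPC binaries the worm targets
    b"\xce\xfa\xed\xfe",  # 32-bit little-endian (Intel)
    b"\xfe\xed\xfa\xcf", b"\xcf\xfa\xed\xfe",  # 64-bit variants
    b"\xca\xfe\xba\xbe",  # fat/universal binary (Java .class files share this magic)
}
JPEG_MAGIC = b"\xff\xd8\xff"
IMAGE_SUFFIXES = {".jpg", ".jpeg", ".gif", ".png"}

def classify_header(data: bytes) -> str:
    """Return 'jpeg', 'mach-o' or 'other' from a file's first bytes."""
    if data.startswith(JPEG_MAGIC):
        return "jpeg"
    return "mach-o" if data[:4] in MACHO_MAGICS else "other"

def disguised_image(path: str) -> bool:
    """The 'latestpics' trick: an image-looking name whose content is Mach-O code."""
    with open(path, "rb") as fh:
        head = fh.read(4)
    return Path(path).suffix.lower() in IMAGE_SUFFIXES and classify_header(head) == "mach-o"

def resource_fork_has_executable(exe: str, fork_suffix: str = "/..namedfork/rsrc") -> bool:
    """True if the resource fork starts with a Mach-O header, where the worm parks the
    original binary. Default is the HFS+ named-fork path; any suffix may be passed."""
    try:
        with open(exe + fork_suffix, "rb") as fh:
            return classify_header(fh.read(4)) == "mach-o"
    except OSError:
        return False

def has_oompa_marker(exe: str) -> bool:
    """Read the 'oompa' xattr the worm sets as its re-infection marker via the macOS
    xattr tool; where the tool is absent or the attribute unset this reports False."""
    try:
        proc = subprocess.run(["xattr", "-p", "oompa", exe], capture_output=True, text=True)
    except FileNotFoundError:
        return False
    return proc.returncode == 0 and proc.stdout.strip() != ""

def scan_bundles(app_dir: str = "/Applications"):
    """Yield (executable, reasons) for bundle executables that show either infection sign."""
    for exe in (p for p in Path(app_dir).glob("*.app/Contents/MacOS/*") if p.is_file()):
        reasons = [why for hit, why in ((has_oompa_marker(str(exe)), "oompa xattr set"),
                   (resource_fork_has_executable(str(exe)), "Mach-O in resource fork")) if hit]
        if reasons:
            yield str(exe), reasons
```

Run `for path, why in scan_bundles(): print(path, why)` on a PowerPC-era Mac to list bundles carrying either sign; a fat binary in a resource fork is unusual enough to warrant a look even without the marker.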