Look! It’s a virus! No, it’s a worm. No, it’s a trojan.
Early this week, reports started appearing about the emergence of a Mac OS X worm/trojan/virus. Nobody at that time realy knew what to call it. They just had a name for it: Oompa Loompa or Leap-A.
However, Sophos would really like to call it as the “first Mac OS X virus.” Symantec refers to it as OSX/Leap, calls it as a worm, which according to Sophos worms are “a sub category of the group of malware known as viruses.” So, Symantec is also calling Oompa Loompa as a virus. Ambrosia sofware and Intego call it as a trojan horse, not a virus. So who’s right?
Sophos and Symantec are wrong according to a statement issued by Apple, that in part read: “Leap-A is not a virus, it is malicious software that requires a user to download the application and execute the resulting file.”
What can Leap-A aka Oompa-loompa aka OSX/Leap do or can’t do? It can’t self-propagate. Which means a user with administrative privilages has to click on the package the trojan came in. The package is named as latestpics.tgz and the compressed archive is supposed to contain screenshot pictures of the next OS X. When uncompressed, a file masquadering a JPEG file is seen and when double-clicked, the trojan then jumps into action. The trojan horse does two things: first, it sends copies of itself using your iChat’s buddy list and second, it infects Cocoa applications. Macworld has a FAQ, which details what Leap-A is and what measures you can take to rid of it and protect yourself in the future. There’s a follow-up article where they infected two computers with the trojan and observed what it did to both systems. ZDNet tells Mac users that getting infected by a real virus is only a matter of time.
A second OS X malware emerged this week but according to Macworld the risk is low. Inqtana.A is a “Java-based “proof of concept” worm” which can propagate thru bluetooth. However, Apple has long since patched up the hole the worm could potentially pass through. If you’re Mac OS X is updated then there’s nothing to worry about.
Oompa-loompa and Inqtana.A are “proof of concept” malwares, which means that somebody out there is working on a working virus for the Mac that someday may start running wild and infect Macs.
Filed under: Uncategorized | Leave a Comment