SECURITY

First Mac OS X Worm Shows Up

Print Version
E-Mail Article
Reprints

By Erika Morphy
MacNewsWorld
Part of the ECT News Network
02/17/06 1:35 PM PT

The Leap-A worm itself is not a major threat, says Sophos senior technology consultant Graham Cluley. In fact, it may prove to be a welcome development if it prods more people to install and update their security software. "Mac users cannot keep thinking that they are invulnerable to these threats," he warns.


Entering European Markets: A Challenging but Real Opportunity
Although the U.S. has a large Internet population, 79 percent of all Web users are now outside the U.S. Online retailers have viable options for entering into international expansion mode, particularly with respect to European markets. [Download PDF: 6 pgs | 686k]

The day of reckoning has arrived for Mac users. Internet security firms have discovered the first Mac OS X worm. Called OSX/Leap-A, the worm spreads through Apple's (Nasdaq: AAPL) Latest News about Apple iChat instant messaging system.

The worm forwards itself as a file called latestpics.tgz to contacts on the user's buddy list. It is disguised by a JPEG graphic icon. The worm also uses the text "oompa" as a marker in the resource forks of infected programs to prevent it from reinfecting the same files, according to the Internet security firm Sophos Latest News about Sophos.

No More Complacency

Apple users have been complacent up until now, and for good reason, Graham Cluley, senior technology consultant for Sophos, told TechNewsWorld. "They have remained relatively immune to this type of thing." Most virus writers prefer targeting as large a group as possible, which of course means Windows users.

The Leap-A worm itself is not a major threat, Cluley says. In fact, it may prove to be a welcome development if it prods more people to install and update their security software.

"Mac users cannot keep thinking that they are invulnerable to these threats," he warns.

Worm, Not Virus

There has been debate as to whether Leap-A is a virus or a Trojan. That springs from the misconception that a Trojan requires user interaction to infiltrate a computer, Cluley notes. However, that is not the case, he explains in a post on Sophos' Web site:

"A Trojan horse is a seemingly legitimate computer program that has been intentionally designed to disrupt and damage computer activity. Trojan horses do not replicate or have any mechanism of spreading themselves. They have to be deliberately planted on a Web site, or accidentally shared with another user, or spammed out to e-mail addresses. There is nothing inside a Trojan's code to distribute themselves further to other victims."

Leap-A is clearly a worm -- a subcategory of a virus -- because it has been programmed to use the iChat instant messaging system to spread itself to other users, Cluley says.

More to Come

Some 79 percent of respondents said they believe Macs will be targeted more in the future.

The good news for Mac users? Malware aimed at them won't be nearly as abundant as that written for Windows.

Social Networking Toolbox:
Talkback: Join the Discussion.
Re: First Mac OS X Worm Shows Up
mi1400
Posted 2006-02-20
I believe, to classify this whether to virus, trojan, worm.... the very easy out of this is to ...

Print Version E-Mail Article Reprints More by Erika Morphy   RSS

Related Resources

Don't miss a story -- sign up for our FREE e-mail newsletters and view the latest headlines at a glance.
Tech News Flash [ View Sample ]
E-Commerce Minute [ View Sample ]
ECT News Network Weekly Newsletter [ View Sample ]