February 16, 2006 2:53 PM PST

New worm targets Apple chat users

Related Stories

Exploit turns up heat for Firefox flaw

February 8, 2006
A malicious program that could be the first Trojan in the wild to target Apple Computer's Mac OS X operating system has been discovered, security experts confirmed Thursday.

Apple and outside analysts said the program, referred to as Leap-A, is not a "virus" per se. Rather, it "requires a user to download the application and execute the resulting file," Apple said in a statement to CNET News.com. The company provided no further comment on the nature of the program.

The malicious software, which has also been dubbed OSX/Oompa-A and the Ooompa Loompa Trojan Horse by other security experts, appears to have spread minimally so far and has achieved low-level threat classifications from McAfee and Symantec.

But security experts cautioned Macintosh users to view the incident as a wake-up call that all operating systems have vulnerabilities.

"It's not really news as far as threats go," said Ray Wagner, a senior vice president in Gartner's information security group. "It is news because it targets OS X, and as far as I know, it's certainly the first OS X malicious content in the wild that's been noted at this point."

Classified as both a worm and a Trojan, Leap-A appears to have begun its movement earlier this week after it was posted at a forum for Mac-related rumors. The file appeared as an external link promising pre-release screenshots of the upcoming Mac OS X 10.5, also known as Leopard.

Leap-A, which appears to affect only the OS X 10.4 platform, spreads primarily via the Apple iChat instant-messaging program. The program forwards itself as a compressed file called "latestpics.tgz" to all the contacts on the infected user's buddy list each time the program starts up.

But it's up to the person to download the file, which shows up as an attachment to a conversation thread. If downloaded, the self-executable file masquerades with an icon typically reserved for image files but does not activate itself unless opened.

"It exhibits the same behavior as a Trojan in that it requires user interaction and a mass mailer in that it's going through the contact list of that particular iChat client," said Dean Turner, senior manager of Symantec Security Response. "And it's a worm because it's replicating on its own once the system has become infected."

An analysis by U.K.-based security firm Sophos said it attempts to infect recently used applications by overwriting the original application with a copy of the worm. According to Symantec, "files infected by OSX.Leap.A may be corrupted and may not run correctly."

A number of security companies--including Symantec, McAfee, Sophos and Intego--have released updated definitions to guard against the threat. Apple directed customers to a safety guide at its site and said it "always advises Macintosh users to only accept files from vendors and Web sites that they know and trust."

Andy McCue of Silicon.com contributed to this report.

See more CNET content tagged:
security expert, Apple iChat, Symantec Corp., Apple Computer, Apple Mac OS X


Join the conversation!
Add your comment
Security experts should realize that anyone with common sense knows that all OS's have flaws. But this again is an example of a script (shell, instead of Apple) that is malicious. Scripts like these have been around forever. It's just not have been as successful.

I'd like to see the PC fanboys swarm to this and say stupid crap like "ha ha we're not the only ones" and "OS X isn't as secure as people say." OS X is still far more secure. So, here's Trojan #3. Compared to how many windows trojans?

Yeah, that's what I thought, don't even start.
Posted by (461 comments )
Reply Link Flag
Count doesn't matter
Cheap jabs at PC users... nice... look, the NUMBER of vulnerabilities hardly matters. It only takes one vulnerability to destroy your company. Forget the numbers argument... you are secure, or you are not. A single vulnerability makes that determination.

Now... the difference here... is that when an exploit such as this is used against Microsoft's customers, the Mac and Linux zealots blame Microsoft. You have to know the same is headed your way, or you probably wouldn't have preempted the discussion with a defensive statement and a jab at PC users.

You said it yourself:
"anyone with common sense knows that all OS's have flaws"

So... would you like the vulnerable operating system? ...or the vulnerable operating system?
Posted by David Arbogast (1709 comments )
Link Flag
But all I want..
Is for those fools who said it wasn't possible and that anyone who wrote one would be like a God to them to get onto their knees and start their worship because their "God" has come.

Maybe in the future we can dispense with the nonsense "My OS is unassailable" argument and move on to agreeing that people who write viruses are the scum of the earth, even lower than spammers (their nearest relatives on the de-evolutionary scale).
Posted by aabcdefghij987654321 (1721 comments )
Link Flag
In this case
it is not the OS that has a security problem, but the user.
On the Windows side, this type of social engineering attack is common; you can assume the user has not created an account with restricted rights, so no need to ask for the admin password. By the way, if you do create and use a restricted Windows account, you are just about as safe from this style attack.
Wonder how many Mac users can be tricked into typing in the admin password?
Posted by catchall (245 comments )
Reply Link Flag
Nothing to see here, move on people...
Okay citizens, resume your normal lives. OS X remains the most
secure system of the major commercial OSes.

Windoze fanboys, resume your one-way ride with Billyboy.
Posted by (57 comments )
Reply Link Flag
yes quickly cover it up...
...let no one know that if you try to poke Mac OS would also pop.
Posted by FutureGuy (742 comments )
Link Flag
I have to tell you-- you are by far have written the most stupid
post EVER!! Im going To critique everything you said:

Cheap jabs at PC users... nice... look, the NUMBER of
vulnerabilities hardly matters.<The number does matter--say a
person is smart because it asks for the password and says that
its a trojan (thats how stupid most Window$ users are) and
another does its best to hide that its a trojan, they install the
software, well this one is like the first incident I mentioned, only
stupid people would download it, but for Window$, there are
tons for stupid people and people to be tricked.> and the It only
takes one vulnerability to destroy your company.< What the
HELLL are you talking about; one vulnerability will destroy
Apples website, there factories, the boxes the products shipped
in, etc??? Forget the numbers argument... you are secure, or you
are not. A single vulnerability makes that determination.< Like I
said earlier you once again are wrong.>

Now... the difference here... is that when an exploit such as this
is used against Microsoft's customers, the Mac and Linux zealots
blame Microsoft.< We have the right to blame Micro$oft for
taking there good old time for security/software updates,
therefore they do an unprofessional job.> You have to know the
same is headed your way, or you probably wouldn't have
preempted the discussion with a defensive statement and a jab
at PC users. <Lets see, a couple trojans since '84 compared to
Micro$oft's thousands. You make the call!>

You said it yourself:
"anyone with common sense knows that all OS's have flaws"
<True but you talk about security so therefore this comment is
completely irrelevant.

So... would you like the vulnerable operating system? ...or the
vulnerable operating system? I would like the OS that only had a
couple trojans since '84 THANK YOU VERY MUCH!
Posted by Brad Charna (11 comments )
Reply Link Flag
More than a couple
since 84. Pre OSX saw its share of viruses but that's before Macs resided on BSD. Of course since OSX, Macs have had a pretty secure existance. Windows can be run securely, but by default it is far from it, and unfortunately many people run it that way.
Posted by Charleston Charge (362 comments )
Link Flag
quickly cover it up...
...let no one know that if you try to poke Mac OS would also pop.
Posted by FutureGuy (742 comments )
Reply Link Flag
MS-Supporters now must intentionally LIE...
Either, certain WELL-KNOWN Microsoft-stooges are completely illiterate, or they are now just out-and-out LYING in desperation.

As the story describes, this ISNT a "virus", this ISNT a "vulnerability". This is literally tricking Mac-users into sabotaging their own computers by intentionally downloading and running a "...malicious program".

And, it apparently requires quite a few steps, to do it.

So now, some of these pathetic "fan-boys" (??? PAID ???), are just FLAT-OUT LYING to try and turn attention away from the FACT that Microsoft-products have, at this point, had literally THOUSANDS of REAL vulnerabilities and viruses discovered and exploited.

These same people are also now so DESPERATE that they feel compelled to repeatedly chant the even more RIDICULOUS propaganda that, "...all it takes is one vulnerability". And, that "...even one" such vulnerability would, somehow, show that, even the MOST SECURE operating-systems on the planet are, against ALL FACTS to the contrary, just as bad as MS-Windows", ...which by the way, HAS been PROVEN to have the WORST SECURITY of ANY commercial OS.

Oh, ...and I dont even know how to use a damn Macintosh, but this OBVIOUS BULLSH*T really pisses me off.
Posted by Had_to_be_said (384 comments )
Link Flag
only idiots
so let me get this right... to be infected by this thing i have to

1) Accept a file from an ichat buddy

2) Decompress it

3) Open it

4) Double click it

5) Enter my administrator password

6) Take an electric toaster into the bath

its hardly a threat unless your hugely stupid
Posted by l.evans (5 comments )
Reply Link Flag
Yes, and for almost every MS virus/trojan/malware out there you need to

1- Run as admin
2- not use a firewall
3- not use an up to date AV
4- not patch the OS for more then 6 months
5- double click everything that comes into your inbox

by the way, not running as admin (or using somthing like DropMyRights from MS) eliminates 99% into itself.
But there seems to be an endless supply of folks willing and able...
Posted by catchall (245 comments )
Link Flag
re:IM Viruses (or whatever)
I have had lots of friends who have gottent these IM worms, and what usually happens is that they will click a random link in an IM that they get from one of their friends (who is infected). They will (stupidly today) click on the link, which will go a site with like a *.php file or something, in turn infecting them and sending messages to everyone on their buddy lists.
Posted by darrius3365 (98 comments )
Link Flag
Once again CNET leaves out vital info
This "trojan" not only needs to be downloaded onto the machine, uncompressed by double clicking on it, than the user has to double click on the icon, than the user has to enter an administrator password (by default) unless a user has made a change to turn off the password on the admin account.

This is a social enginering trojan and has nothing to do with the OS. This "virus" was also being heavily publicized by Sophos which happens to be a company that makes Mac anti-virus software.

Nothing like a company making a product.. than glamorizing any news that might actually help them sell this product. Of course CNET will help them spread their FUD what else is CNET for?
Posted by (27 comments )
Reply Link Flag
This is really little different...
...then taking a hammer to my machine. Anyone with admin access
to a machine should know better then to open and put in their
password to run some unknown file, and anyone who doesn't
shouldn't have admin access to begin with. It's the whole principle
of having a secure system.

When this installs without permission just by receiving the iChat
message, or something happens to that effect, then it will matter.
Posted by Deelron (60 comments )
Reply Link Flag
Next story
Posted by PBenz (15 comments )
Reply Link Flag
...is calling it a "virus." The first Mac OSX "virus." That kinda ticked me off -- so now even Forbes can't afford to verify their stories. Sheesh.
Posted by tipper_gore (74 comments )
Reply Link Flag
Lame Story.
Is that the best you got? A malware issue..?

Give us a Virus, a breach of security story or something with a
breaking headline. Come on!! How I wish I got back the four
minutes it took to read this article.

As far as I know OS X has been out five years already, and there
isn't any serious virus or security issues, yet. Yes,five years! Not
one. MS Longhorn (aka Vista) on the other hand hasn't even
reached release and the beta is already plagued with a few
viruses. Now, I hear they are working on something called
"Singularity" called Longhorn II (aka Vienna sausages) or

Oh Brother!

Regardless...you would think somebody would want to take a
shot at OS X in the five years it has been out by now. Especially
because its been branded as being secure by most tech critics
and hmmm..I don't know...there has to be atleast one jealous XP
guru_ tech _programmer_IT_pirate_type_ user out there that just
can't stand Apple..... but again nothing major to report on.

And of course, Symantec and McAfee want to have their fair
share of publicity as well on OS X, because their whole business
revolves around security!! Wake up and smell the coffee!! God
forbid what would happen if everyone had to run OS X instead of
Windows. But of course back to reality. I would think they
wouldn't want that to ever occur? ...Why would they?? They need
to make money too. And these are just a few of the companies
that make up the troubled PC ecosystem. But generally people
stick to what they're comfortable with, can't argue with that.

But the bottom line is report on something of a serious nature
and I'll consider putting my Mac on the shelf and go-across-the
board- PC- style and thats if, and only if, OS X ever has a
security meltdown of internationl proportions. Why not it should
be an easy switch.. Vista is looking like OS X anyways? Shouldn't
be hard. Piece of cake.
Posted by ServedUp (413 comments )
Reply Link Flag
Headline is misleading - deliberately?
For all the hoops I'd have to jump through to get this installed, how can it be called a trojan?
I suspect CNET is serving the interests of the antivirus companies here. But I don't think those companies are trying to sell antivirus software for OS X, but instead trying to create doubts in the minds of those who would switch to OS X for security reasons. Fewer Windows users = fewer sales of antivirus software.
Posted by mikeschr (85 comments )
Reply Link Flag
There is nothing in the definition of a Trojan (horse) that limits the number of steps to launch...this IS a Trojan.

<a class="jive-link-external" href="http://en.wikipedia.org/wiki/Trojan_horse_%28computing%29" target="_newWindow">http://en.wikipedia.org/wiki/Trojan_horse_%28computing%29</a>
Posted by KsprayDad (375 comments )
Link Flag
...grief received from Apple-haters will be more brutal than
anything this trojan/worm does..

News of this trojan/worm will spread much faster than the worm
itself. It's not like it can spread exponentially and undetected ... a
la ZOTOB and others. If that happens, the Apple-haters will really
have something to cheer about.
Posted by open-mind (1027 comments )
Reply Link Flag
MS Viruses=software sales=IT Jobs=more MS

Microsith has dug its' claws deep into major corporate america
IT managers since day one.

As long as "those computers keep crashin' &#38; being buggy" IT
staff/Virus software/Microsith make money &#38; have jobs.

I have never met any corporate IT person that manages Windows
PCs that doesnot own a LOT of MS stock &#38; get "favors" from
Microsoft for doing business with them.

THAT'S WHY IT drones defend their Lord &#38; Master Microsith
because it keeps them working away fighting viruses,
downloading SP patches, reimaging &#38; resetting all the security
settings on all the computers, maintaining firewalls full of holes
with their WintelDell Servers &#38; MS Windows for Servers

Apple offered $10,000 to anybody who could hack into their
UNIX OSX server &#38; find the secret easter egg message...
Nobody was successful.

MAC OSX absolutely virus free forever...? NO.
Windows has 90% of marketshare + 90% of viruses.
Maybe Longhorn/Shorthorn/Astalavista 2007 can fix all their
legacy beleagured Windows OS...?

time will tell...

Apple has already made their Auto Software Updater available
TODAY for this MINOR issue that is NOT a worm.
Posted by Llib Setag (951 comments )
Reply Link Flag
This has all been said before, but
As long as we keep providing solutions that the customers want, we'll have jobs.

Apple's closed system approach is not a viable solution for large scale deployment, no matter how much you want to villainise MS.

If the customer's apps won't run on the OS what good is it to them? But I'm sure a big smart man like you can figure out how to rework an enterprise environment, train 50,000 users, and do it all with no downtime right? Not to mention get the funding approved to buy all the new hardware and step up Apple's production capacity to meet the new demands in a reasonable amount of time.
Posted by Bob Brinkman (556 comments )
Link Flag
Unhackable? Really....
Gotta love the Apple fanboys getting the facts right..

Is this the message that no one was able to find:

<a class="jive-link-external" href="http://www.cnn.com/2006/TECH/ptech/02/17/apple.hacker.poem.ap/index.html" target="_newWindow">http://www.cnn.com/2006/TECH/ptech/02/17/apple.hacker.poem.ap/index.html</a>
Posted by Eight_tracks (5 comments )
Link Flag
Im not just another IT Wonk
"I have never met any corporate IT person that manages Windows PCs that doesnot own a LOT of MS stock &#38; get "favors" from Microsoft for doing business with them."

Im one of them, So that makes your statement irrelevant. You just met a person without any of this.

"Apple offered $10,000 to anybody who could hack into their UNIX OSX server &#38; find the secret easter egg message... Nobody was successful"

Did you ever stop to think that at the time, knowone cared?

Personally, I think that OS X is a great, powerful, stable and secure system. So is Windows. The difference is the config out of the box. But they are both very powerful platforms with their own Pro's and Con's.
Posted by SystemsJunky (409 comments )
Link Flag
Look People
Someone said it earlier: Hackers are a big problem. I'm an OSX user (music composition) and I love it. But I don't hate windows. I use it all of the time. I hope Vista cranks. I wish their were fewer security issues on the windows platform (it must be incredibly expensive for Microsoft to research these problems) but such is life - bigger target; more prolems.

OSX is what I use - not who I am. I'm amazed out how so many obviously intelligent people can fight over two huge multi-billion dollar companies that pay us ...err...nothing.

Use what works for you. If you're a Mac user - admit it - Windows ain't that bad - and gaming is fun on them. If you're a Windows user - admit it - those powerbooks are kinda cool but kind of expensive.

As consumers, professionals, and intellectuals shouldn't we care more about getting the outsiders (hackers) to use their powers (also obvious intelligence) for good. (Forgive the superhero pep) I'm thinking "Wow - if these guys decide to get together and make products instead of yet one more virus celebrating an ended relationship - we (Win/Mac) users would end up with great gear.

Good luck - Let the discussion(?) continue.
Posted by Chevaliermusic (72 comments )
Reply Link Flag
LOL with all of my spelling errors
LOL with all of my spelling errors, kinda seems funny that I'm arguing the Intelligent Hacker line. (almost typed Intelligent Design)
Posted by Chevaliermusic (72 comments )
Link Flag
This malware can be a good thing.
This program is pretty lame, but if it wakes up my brother Mac users to the fact that they aren't invulnerable it can actually do some good.

As many have said before, no OS is totally secure. And although I'm sure Bill Gates would pay many billions of dollars to have Windows be just half as secure as OS X, the day will come when there is a real threat to Macs. It's inevitable. So they better start paying some attention to security.

People who can create windows malware (or hack into a Windows computer are a dime a dozen), but creating the first real OS X virus/worm would be a real prize for some cracker.

You know someone out there is working on one.
Posted by rcrusoe (1305 comments )
Reply Link Flag
One thing that will always be universal, people will always want to mess with you. It doesn't matter anymore what machine you have or what OS you run. There will always be someone trying to crash your system just to see that vein in the middle of your forehead popup! 8)
Posted by thedreaming (573 comments )
Reply Link Flag
Re: Once again CNET leaves out vital info
I don't remember reading any of these on CNet. So for those hungry for some Mac bugs

<a class="jive-link-external" href="http://www.theregister.co.uk/2006/01/11/itunes_vulns/" target="_newWindow">http://www.theregister.co.uk/2006/01/11/itunes_vulns/</a>
<a class="jive-link-external" href="http://www.theregister.co.uk/2006/02/08/apple_vulnerability/" target="_newWindow">http://www.theregister.co.uk/2006/02/08/apple_vulnerability/</a>

enjoy ;)
Posted by FutureGuy (742 comments )
Reply Link Flag
McAfee Security Site Facts about MAC OSX + iChat
<a class="jive-link-external" href="http://vil.nai.com/vil/content/v_138578.htm" target="_newWindow">http://vil.nai.com/vil/content/v_138578.htm</a>

Corporate &#38; Home User Risk Level : LOW

Assessment: PROFILED 02.16.2006 by Apple &#38; handled via free
software updater on Mac OS X.
Posted by Llib Setag (951 comments )
Reply Link Flag
...wonder if the low rating has to do with the OS's miniscule usage.
Posted by FutureGuy (742 comments )
Link Flag
Ok, so your original post was just misleading. If wasnt hacked in a small competition, but is was hacked. Fair enough?
Posted by Eight_tracks (5 comments )
Reply Link Flag
Ooh hey, another day with no viruses and no antivirus tax either.

D'y'know I wonder how many virus writers out there would go
out of business if antivirus vendors weren't always declaring
they'd found new flaws for people to exploit.


Mac newbies, if you're worried view the file in finder, choose "get
info" or just use the 3-pane view and look for where it says
"kind". Even with the icon showing a jpeg file this will tell you it's
a unix executable. Should be enough of a clue not to open it.
Posted by privatec (75 comments )
Reply Link Flag
The most common security problem
The biggest security problem of all operating systems is the nut loose behind the wheel.
Posted by mstlyevil (39 comments )
Reply Link Flag
... it's the loose nut on the keyboard - a fundamental mechanical

The loose nut behind the wheel explains traffic prblems,

Posted by Earl Benser (4310 comments )
Link Flag
The mere fact that you haven't changed your headline from "new worm" to "new trojan", brilliantly illustrates the writers bias. In turn, that directly reflects upon your reputation.
Posted by Thomas, David (1947 comments )
Reply Link Flag

Join the conversation

Add your comment

The posting of advertisements, profanity, or personal attacks is prohibited. Click here to review our Terms of Use.

What's Hot



RSS Feeds

Add headlines from CNET News to your homepage or feedreader.