For all MAC lovers

[DavidG]

First virus hits Mac OS X
Chris Jenkins
FEBRUARY 17, 2006

ANTIVIRUS companies are reporting what they say is the first virus to attack Apple's OS X operating system.

Known as "Leap.A", "Leap-A" or "OSX/Oompa-A", the virus spreads via Apple's iChat instant messaging application, carried by a message attachment labelled "latestpics.tgz".
Leap.A then attempts to resend itself to all iChat contacts, anti virus group Symantec reported. The virus would only run on computers running OS X 10.4, Symantec said.

Security group Sophos described Leap.A as "the first real virus for the Mac OS X platform".

While the Unix-based OS X has often been touted as a safer alternative to Microsoft's Windows, flaws in the operating system have been discovered and experts have warned that as OS X became more popular, it would increasingly become a target for virus writers.

Critics of the anti-virus companies argue they are talking up the potential threat in an attempt to extend sales to a new OS X market.

Leap showed "that the malware threat on Mac OS X is real", Sophos senior technology consultant Graham Cluley said.

"Some owners of Mac computers have held the belief that Mac OS X is incapable of harbouring computer viruses, but Leap-A will leave them shellshocked," he said.

Rival Symantec rated the worm a low-risk security threat.

[bitingmidge]

David,

Thanks, we're getting closer to becoming vulnerable. It's interesting to dig a bit deeper however (on another site):

Leap's risk of infection has been rated as low because it requires users to do something to infect their machines — if they get an instant message containing the worm, they will have to extract the executable from the archive and then run it using administrator privileges.

Applications in infected machines may fail to run correctly, McAfee says, because the worm fails to correctly return control to the hooked process due to poorly written code.

So once again we have a "virus" that requires users to:
a) extract part of a file, then
b) use administrator privileges to run it.

Seems like one for the really stupid!! :eek:

One day it will happen, but there are a few in the computer press urging in on too!

I'm looking forward to reading the next round of analysis though.

Cheers,

P

[DavidG]

bitingmidge
Gees. You would have to be stupid to do all that but that is what M$ users would do.

What happened to your avatar. New one looks like fertilizer

[bennylaird]

Just wait till the Intel chip takes over, he he haw haw ha ha ha SO much for loyalty to Motorola?

[woodbe]

Ok, I'll bite, I recognise beat-up when I see it.

A virus is possible on any computer syatem, but it's harder for it to happen on some than others. For this 'virus' to work, the user must execute the file, and then respond to the prompt which asks for his administrator password. If the user refuses, it goes nowhere.

Last time I saw a working virus, it was self-propogating without users having to type passwords, or even be aware they were running any program behind the scenes, never mind actually manually executing the file. Most PC users find out that they are infected well after the virus has infected their computer.

It will probably be a while before the Mac suffers from the rampant plagues that pester their PC counterparts, if ever. It's possible, but unlikely it would ever get as bad. There is no room for complacency either, but whichever way you look at it, the Mac has had a 15+ year holiday from these sorts of problems. Long may it last.

Me? I'll stick with Linux. Now that Mac is going Intel, I may land up with a Mac and dual boot it or something, but I'm not holding my breath on that either...

[bitingmidge]

What happened to your avatar. New one looks like fertilizer

Virus got it. :eek:

OK I'll work on a new one just for you!

P

[woodbe]

bitingmidge
Gees. You would have to be stupid to do all that but that is what M$ users would do.

Actually, viruses work on the PC because the users mostly don't have to do that (their helpful web browser or email program etc does it for them), or they are tricked into doing it, and the system does not require an admin authentication to install or run the virus.

[Barry_White]

So finally the Virus Program suppliers have finally decided to increase their sales of Virus checker programs. Am I being too synical to think that who writes all the viruses that the virus checker companies have a fix for the day a new virus is launched.