Home > Computers and Internet > First Virus for Mac OSX…

First Virus for Mac OSX…

by Shivaranjan on February 20, 2006


Recently I have seen ads in newspaper by apple stating that their systems are virus free and virus resistance. And till now I have never heard of a Mac virus because the Mac OS is based on the rugged unix platform. Now we have a virus called OSX/Leap-A worm which spreads via ichat instant chatting software. I think from now Mac OS will give some good company to Microsoft Windows.

Experts at SophosLabs™, Sophos’s global network of virus, spyware and spam analysis centers, have announced the discovery of the first virus for the Apple Mac OS X platform. The virus, named OSX/Leap-A (also known as OSX/Oompa-A) spreads via instant messaging systems.

The OSX/Leap-A worm spreads via the iChat instant messaging system, forwarding itself as a file called latestpics.tgz to contacts on the infected users’ buddy list. When the latestpics.tgz archive file is opened on a computer it disguises its contents with a JPEG graphic icon in an attempt to fool people into thinking it is harmless.

The worm uses the text “oompa” as an infection marker in the resource forks of infected programs to prevent it from reinfecting the same files.

“Some owners of Mac computers have held the belief that Mac OS X is incapable of harboring computer viruses, but Leap-A will leave them shellshocked, as it shows that the malware threat on Mac OS X is real,” said Graham Cluley, senior technology consultant for Sophos. “Mac users shouldn’t think it’s okay to lie back and not worry about viruses.”

Experts at Sophos are continuing to examine OSX/Leap-A and will issue further information shortly. Sophos customers have been automatically protected against the worm since 12:25 GMT, 16 February 2006.

“This is the first real virus for the Mac OS X platform,” continued Cluley. “Apple Mac users need to be just as careful running unknown or unsolicited code on their computers as their friends and colleagues running Windows.”

Sophos advises all computer users, whether running PCs or Macs, to practise safe computing and keep their anti-virus software updated.

Read a detailed analysis of the OSX/Leap-A worm

Is Leap-A a virus or a Trojan?

Some members of the Apple Macintosh community have claimed that OSX/Leap-A is a Trojan horse, and not a virus or worm, because it requires user interaction (the user has to receive a file via iChat, and manually choose to open and run the file contained inside).

However, this is not the definition of a Trojan horse.

A Trojan horse is a seemingly legitimate computer program that has been intentionally designed to disrupt and damage computer activity. Importantly, Trojan horses do not replicate or have any mechanism of spreading themselves. They have to be deliberately planted on a website, or accidentally shared with another user, or spammed out to email addresses. There is nothing inside a Trojan’s code to distribute themselves further to other victims.

Trojan horses do not contain any code to distribute or spread themselves, viruses and worms do.

OSX/Leap-A is programmed to use the iChat instant messaging system to spread itself to other users. As such, it is comparable to an email or instant messaging worm on the Windows platform. Worms are a sub category of the group of malware known as viruses.

Therefore, it is correct to call OSX/Leap-A a virus or a worm. It is not correct to call OSX/Leap-A a Trojan horse.

Source: Sophos Labs

Did you enjoy this article? Please subscribe to RSS Feed to receive all the updates!

Related Posts:

  • No related posts found

Leave a Comment

Previous post:

Next post: