Leap-A Malware Hits Mac OS X

by Janet Meyer Feb 21, 2006

A couple of weeks ago I wrote about my decision to switch to Apple computers. Viruses and spyware (particularly spyware) had finally gotten the best of me, and I wanted a way out.

Last week the antivirus software company Sophos announced the first virus for OS X, called Leap A. It spreads itself through the iChat instant messaging program. If you are using iChat and somebody on your buddy list is infected, you might receive a message asking you to accept a file called latestpics.tgz. People receiving this think they are receiving pictures from a friend and accept the file. When they open the file, their computers also become infected.

No sooner was this information revealed then the debate started about whether calling it a virus was appropriate or not. According to Wikipedia, a computer virus attaches itself to an executable program and becomes part of the program. This makes it unable to propagate itself. The intent of a virus is to harm the individual computer.

A worm can self-propagate because it does not need to become part of a program. It sends copies of itself to other systems, using up bandwidth and causing harm to a network. A particularly malicious worm can shut down several systems. Leap A propagates with intent to clog the system, so could be considered a worm. Sophos and other anti-virus companies are now identifying Leap-A as a worm.

There is another type of malware called a Trojan horse. This type of malware is designed to look like useful software. It can replicate itself, but only if the computer user takes action, such as opening up the file. Leap A cannot get into your computer until you accept it. Then it just sits there until the file is opened. This sounds a lot like a Trojan horse to me.

Note that Leap-A does not depend on a flaw in the OS X system. It tricks users into accepting it and opening it. Though computer users are repeatedly warned not to open something from somebody they don’t know, they will open it if it appears to come from a friend on their buddy list.

The day after hearing this news, a new pest called Inqtana was announced. Though first reports referred to it as a virus, anti-virus companies list it as a worm. Specifically, they are calling it a proof-of-concept worm. It spreads through Bluetooth devices. This particular worm is said to be attached to a specific address which will expire in about a week.

Anti-virus companies rate both viruses as 1 on a scale of 1 to 5 (with 5 being the most serious.) Neither has been more than a minor nuisance.

Though Apple computers have been more secure than Windows, this is a good reminder to Apple users to run anti-virus software. It’s inevitable that hackers will try to get into the system just for the fun of it. Even the OS X creators acknowledged that probability by placing a poem in the OS X system specifically directed to hackers. No matter how secure your system is, you can never stop people from trying (and sometimes succeeding.)

All reports suggest that this may be a year that hackers target Apple. The next several months will prove the security of the system. In the meantime, protect your computer. Take the advice of Windows users: keep your anti-virus software update and don’t accept anything from strangers. It only takes one successful virus to destroy your system.

Digg This Article

Share this article

Comments

You need log in, or register, in order to comment