“A malicious program that could be the first Trojan in the wild to target Apple Computer’s Mac OS X operating system has been discovered, security experts confirmed Thursday. Apple and outside analysts said the program, referred to as Leap-A, is not a ‘virus,’ per se. Rather, it ‘requires a user to download the application and execute the resulting file,’ Apple said in a statement to CNET News.com. The company provided no further comment on the nature of the program,” Anne Broache reports for CNET News. “The malicious software, which has also been dubbed OSX/Oompa-A and the Oompa Loompa Trojan Horse by other security experts, appears to have spread minimally so far and has achieved low-level threat classifications from McAfee and Symantec. But security experts cautioned Macintosh users to view the incident as a wake-up call that all operating systems have vulnerabilities.”
MacDailyNews Take: Did security experts also caution Macintosh users to view the incident as a wake-up call that all operating systems can run programs, too? Do not download “latestpics.tgz” and then uncompress it and then run it by giving Mac OS X your Admin password at the prompt. Also, do not drag files that you wish to keep on your hard drives to the Trash and then empty it.
“‘It’s not really news as far as threats go,’ said Ray Wagner, a senior vice president in Gartner’s information security group. ‘It is news because it targets OS X, and as far as I know, it’s certainly the first OS X malicious content in the wild that’s been noted at this point,'” Broache reports. “Apple directed customers to a safety guide at its site and said it ‘always advises Macintosh users to only accept files from vendors and Web sites that they know and trust.'”
Related MacDailyNews articles:
Incorrect reports of ‘Mac OS X virus’ begin to circulate – February 16, 2006
New Mac OS X Trojan warning – February 16, 2006
Apple: ‘Opener’ is not a virus, Trojan horse, or worm – November 02, 2004
Preston said:
>> “Exactly – the days of Windows automatically installing and running virus
>>code are long gone (about 5 years ago?). “
>I guess you missed the recent Windows WMF vulnerability which
>allowed for silent and automatic execution of code.
And I guess you missed the almost identical vulnerability in QuickTime, patched about 3 weeks ago? This is not a virus – it has no means to replicate – it’s a buffer overflow exploit. Ironic how both WMF and QuickTime had almost identical issues eh?
SJR: “In other words…have a lick of common sense and this particular issue won’t impact you.”
That’s the same advice I give to Windows users regarding viruses.
Something seldom mentioned is the extent of this “worm”. Symantec’s web site shows that the number of users affected by this trick is “0-49”.
So of all the 20 million (plus or minus) Mac users out there, less than 50 got taken in by this thing.
Wow. This should make headlines huh?
We macs don’t have viruses or trojan horses or anything bad can be put on our computers and even if we do we will never admit to it.
According to knowledgeable sites, the code combines traits of a worm, a trojan and a virus. Once it has been unleashed on one Mac, it self-propagates via iChat/AIM.
Furthermore, in most cases the code does NOT require, or ask for, an administrator password; it installs to folders that aren’t protected by such a requirement.
The code doesn’t exploit any weakness or bug in Mac OSX, though. It relies solely on human curiosity. Nevertheless, it is time to put semantics aside and accept that we as Mac users need to be more cautious / suspicious.
The problem isn’t with the software, it is in the fleshware. And since this file, and the successors that will inevitably follow, propagates itself via chat programs to contacts that are colleagues or friends – and therefore trust things that originate from you -, such caution is not just self-defence: it is a social and moral obligation.
So let us stop the name-calling and linguistic waffling and own up to the new truth. Networking means being responsible.
Peter J. Pedersen
MacDailyNewsWebMaster
will we ever be able to post images here?
We can host them off-site if that makes a difference.
OH, MY GOD! MY Mac system can run APPS! This is NOT the way a good operating system should behave. A good OS should prevent the user from running third party apps so that no harm can ever be done to the system and the user’s files.
Hello!
HUGE!
LOOK AT ME!
[quote=”Mace”]Help! I’m trapped in BB Code!
echo "This is some code";
[list]
[*]Red
[*]Blue
[*]Yellow
[/list]
[list=a]
[*]The first possible answer
[*]The second possible answer
[*]The third possible answer
[/list]
no.one@domain.adr
mike k.: Did you want to post secret photos of Leopard? (j/k)
Hello!
Look at all the pretty colors
Hmmm.
This just proves how much more secure M$ Windblows is.
For $50/year M$ can make sure that Windblows users will only be able to run M$-approved programs. Therefore, there can be no inadvertent malware running on Windblows.
For the upgrade cost of Longdelayed, M$ will make sure that NO programs will run on your PC. Can’t get more secure than that!
<span style=”color:red;”>Testing in red</span>
I know I’m posting late in the game here, and maybe no one will read my post, but I just thought about this today.
What we are talking about here is a user that downloads or receives a file, opens the file without knowing what it does, then enters an administrator password to allow that file to do damage. A virus? A worm? Not really. A trojan? Yes.
OK, so is this because OS X has a “security flaw”? Not at all. However, Apple can do something about this. They can set up an option, something like “Notification Options”, that allows users to get more verbose security messages. If you set it to “verbose”, you’d get a more detailed message rather than a prompt for your admin password.
Here’s an example:
Old Message
Username: Jimbo von Winskinheimer
Password:IAmNoDummy
(OK) (Cancel)
New Message:
Warning: You are now being prompted for your administrator password. This is because the file you are opening is going to install something on your system. If you are unsure of what is being installed, do not enter your password. Instead, cancel out of this and verify that what you just opened is really what you think it is.
Username: Jimbo von Winskinheimer
Password:
(OK) (Cancel)
This will not prevent people from still installing malware, but at least it will attempt to protect Grandma Beatrice when she goes to look at the pix that were sent to her.
So is it
Windows:60,000
Mac: 1 or 0?
This is the first of thousands of trojan horses that will attack OSX in the coming weeks. This will overwhelm Apple and they will not be able to keep up with the attacks. Now that the truth is out that OSX is riddled with security problems that have no solutions everyone will flock to Windows. Guess it doesn’t matter if you are rich…you still have stupid people that will click on anything.
Mac fan boys finally get their just deserts 😀
Time to short that Apple stock!
Just a senseless Google bomb
http://www.bkpfd.org
Get a life! You really didn’t read all these posts, did you?
^^^ MORON ALERT!
“Now that the truth is out that OSX is riddled with security problems that have no solutions everyone will flock to Windows.”
Cite the OS X security flaw being exploited here. There is none. This trojan is no different from any of the others written in the past five years that never spread due to the inherent security of OS X, unlike in the Windows world where just viewing a webpage or an email will hit you with a WMF exploit. You actually have to download this one and run it yourself.
Will someone please explain how this code is “self-replicating”, when it can’t replicate until it has been decompressed and run? “Self-replicating” means “it can replicate all by itself”. This thing can’t do anything “by itself”.
Okay, okay. I guess technically, because the app contains code to send copies of itself to AIM users, that makes it “self-replicating”. But that’s not what you think of when you hear “self-replicating”. You think of something that can begin to spread the moment it hits a computer, with maybe one click from a user at most.
Correction:
Technically, you can’t classify it as a virus just because it tries to send itself to people in your buddy list (See definitions below). I would classify it as a Worm as its only purpose is to <u>SPREAD</u> itself (I am NOT in denial about viruses).
Leap.A is a trojan, a virus, and a worm. The terms are not mutually exclusive.
I read the Macworld article so don’t quote it at me. The fact is that once Leap.A has infected an app, if I take that app and drag-and-drop it (and Leap.A infects primarily drag-and-drop apps) onto a zip disk or a hard drive or burn it to a CD, and move that zip disk or HD or CD to another Mac and then run the app, it WILL infect that other Mac.
That’s an old-school virus, pure and simple, from before the days of the internet. This thing spread JUST LIKE THE OLD MAC OS 6 AND 7 VIRUSES did. There is NO DIFFERENCE. Remember that. It’s a virus.
It is also a worm. If my machine is infected and I connect to a particular type of network (Bonjour-enabled iChat), then it sends itself spontaneously without my intervention. Yes, the user on the other side has to accept the file, BUT THAT IS TRUE OF ALMOST ALL INTERNET WORMS. The point is, I do not have to send an infected file over the network. It sends itself spontaneously upon connection. THAT MY FRIENDS IS AN INTERNET WORM.
And finally, it is of course a trojan horse since it is available for download and pretends to be something else.
None of these terms are mutually exclusive, and many many specious arguments that assume they are have been made here. Leap.A is without a doubt a virus. By the definition of virus that a lot of you people are going by, there can’t have been any viruses before people were connected to the internet and THAT IS PATENTLY NOT TRUE. Read your history. The entire first and second generations of virus are simply malicious code that gets transferred with a host file and replicates upon the launching or opening of that file. Leap.A DOES THIS! ONCE IT HAS INFECTED YOUR MACHINE IT DOES NOT REQUIRE A PASSWORD TO INFECT OTHER FILES ON YOUR MACHINE AND THEN BE CARRIED WITH THOSE FILES TO OTHER MACHINES AND INFECT THEM, AGAIN, WITHOUT A PASSWORD.
It’s a virus.
For the record I think the Mac is inherently FAR MORE SECURE than Windows and not just because of obscurity, but face the facts people. Virus. Worm. Trojan. This is all three.
DB.