OSX.Leap.A: a near miss for Mac users

“This week’s ‘Mac virus’ scare turned out to be nothing more than a worm for Mac OS X that propagates through iChat and infects local Mac applications. OSX/Leap.A is a wake up call to Mac users that we’re not immune to all the nasties floating around on the Web,” Jason D. O’Grady blogs for ZDNet. “There was a story circulating this week that The First Virus For Mac OS X had arrived, but it turned out to only be a relatively innocuous worm embedded in a file called “latestpics.tgz” promising pictures of ‘MacOS X Leopard.’ The worm required the user to download, decompress and execute the file then enter their admin password to cause any damage.”

O’Grady writes, “The first rule of software downloads is obvious: never open a file or attachment from someone that you don’t know. The second is that if it’s too good to be true it probably is. If a download promises you screen shots of Mac OS 10.5 “Leopard” don’t believe it (after all, why not just post the pics?) but never, ever enter your Mac OS X admin password to install something from an unknown source, especially if you downloaded it surreptitiously.”

Full article here.

MacDailyNews Take: Tsk, tsk. So much ado about nothing. The old rules still apply: do not enter your Mac OS X admin password to install anything from an unknown and/or untrusted source.

MacDailyNews Note: We have been affected by a widespread power outage as a result of Friday’s windstorms in the U.S. northeast. We lost power at approximately 9:30am EST yesterday along with approximately 250,000 others. The blackout is still affecting over 120,000 residences and businesses as of this post. Due to our backups currently being unavailable due to other circumstances, we have driven out of the affected area in order to resume posts. The power company curently reports that they expect power to be restored by “Sunday night at the latest.” Thank you for your patience.

MacBook Pro. The first Mac notebook built upon Intel Core Duo with iLife ’06, Front Row and built-in iSight. Starting at $1999. Free shipping.
iMac. Twice as amazing — Intel Core Duo, iLife ’06, Front Row media experience, Apple Remote, built-in iSight. Starting at $1299. Free shipping.
iMac and MacBook Pro owners: Apple USB Modem. Easily connect to the Internet using dial-up service. Only $49.
iPod Radio Remote. Listen to FM radio on your iPod and control everything with a convenient wired remote. Just $49.
iPod. 15,000 songs. 25,000 photos. 150 hours of video. The new iPod. 30GB and 60GB models start at just $299. Free shipping.
Connect iPod to your television set with the iPod AV Cable. Just $19.

Related MacDailyNews articles:
Apple: ‘Leap-A’ not a virus; only accept files from vendors and Web sites that you know and trust – February 16, 2006
Incorrect reports of ‘Mac OS X virus’ begin to circulate – February 16, 2006
New Mac OS X Trojan warning – February 16, 2006


  1. We as Mac users need to trumpet this fact as far and as wide as we can. Don’t let these “news” organizations get away with posting these errors as news and then not having it thrown in their faces that they were WRONG!

    Post the truth everywhere. Forums, discussion boards, mailing lists. Even cite the “journalists” and their respective “news outlets” that got it wrong, I say. Don’t let them off the hook.

    Screw them.

  2. (after all, why not just post the pics?)

    Jason D. O’Grady is a moron, some sites don’t let people post pic’s and then you need a host as well.

    And since a link can go to a web page which immediatly starts a download or not, how are people supposed to know the difference before they click?

    Hang in there MDN!

    We lost some people too, they are A O fscking L

  3. “This week’s ‘Mac virus’ scare turned out to be nothing more than a worm for Mac OS X that propagates through iChat and infects local Mac applications

    Excuse me, a worm is a virus. Let me repeat that for those of you who missed it: a worm is a virus. The first virus for OS X has arrived. MDN, it’s time for you to admit the truth.

  4. MacDude, hosting pics is nothing. Safari warns you if a page downloads something dangerous.

    And if someone has pics of Leopard and it ain’t on Apple’s own site, AppleInsider, ThinkSecret, MacRumours, MacBidouille, MOSR, MacWorld, or MDN, then I’m already suspicious.

    However, as I got so roundly pounded a few weeks ago, someone has shown it is possible to create something like this, but to make it work you’ve got to target utter morons.

    Now, I’ll be happy to go back and be smug, because this story is utterly overblown and totally misreported.

  5. Look, the bugs in MS Office are more pervasive than this thing. Of course, the virus protection software guys are predicting the apocolypse….they have to somehow come up with a reason for us to buy virus protection software for a platform THAT DOESN’T HAVE VIRUSES. It’s like the guy who is selling snow-making machines in Fairbanks.

    The virus protection software guys are PRAYING for a mac virus – hell, if they were at all competent, they’d probably write one themselves, but since there just aren’t going to be any real ones, they are going to make something up. And the Windows IT guys administering Macs will buy it hook, line, and sinker…that is the reason that the IT dept. where I work insists on buying institutional licenses and loading and automatically enabling virus protection software on all the Macs distributed in our department. That is also the reason that I end up administering our Macs….the first thing I do is turn off the virus software and the second thing I do is enable ARD…it’s easier than explaining why they are wasting their money.

    MW: makes. As in, virus protection software on a Mac MAKES me laugh.

  6. Some teensy things have been overlooked:




    How come only Mac World picked up that little factoid?


    ” width=”19″ height=”19″ alt=”smile” style=”border:0;” />

  7. What about the Inqtana ‘worm’? Where are MDN’s denials of that one? True, it’s more like just a soon-to-expire piece of proof that the Bluetooth vulnerability is there, but I expected to see something about it too.

    I have written a couple letters to the magazines and sites myself already… but as far as Leap/A is concerne, there isn’t much the Mac community can do when Sophos themselves adamantly classifies this as a virus. And MDN… a worm IS a virus, as many others have pointed out.

    True or not… utterly idiotic or not… say goodbye to the official “zero-viruses OS X.”

  8. Is this thing a virus/worm or a program? So someone wrote a program that does things I would want it to do? My goodness, my ENTOURAGE that came with my Office Suite does that!

    I’m sorry, but anythng that asks me if it can download, asks me if it can run, and then asks me for Administrator access before it does anything doesn’t seem like much of a threat, and certainly not the kind malicious of code found covertly targeting Windows on a weekly basis.

    I would be very upset if my Mac didn’t run a program as it was designed. The scandal would be if it didn’t.

  9. It amuses me how this community are happy to classify any malicious Windows program as a virus when trumpeting how many Windows viruses there are (despite the fact that most of these are trojans, worms, spyware, etc, all requiring user intervention to install) but when it comes to Mac malware they tie themselves in semantic knots in order to deny the possibility that there are potential weaknesses in MacOS. One standard for Apple, another for everything else.

  10. MacDude, hosting pics is nothing. Safari warns you if a page downloads something dangerous.

    Nope, it only warns you that your about to download a application.

    Malware has been attached to ordinary images and on web pages.

    Also Javascript malware

  11. You can classify this as a virus if it makes you feel better, but if this is indeed a virus, it has to be just about the lamest one ever written.

    And please tell us how can it be classified as a true worm/virus if it doesn’t have the ability to propagate itself over the internet?

Reader Feedback

This site uses Akismet to reduce spam. Learn how your comment data is processed.