OSX.Leap.A: a near miss for Mac users

“This week’s ‘Mac virus’ scare turned out to be nothing more than a worm for Mac OS X that propagates through iChat and infects local Mac applications. OSX/Leap.A is a wake up call to Mac users that we’re not immune to all the nasties floating around on the Web,” Jason D. O’Grady blogs for ZDNet. “There was a story circulating this week that The First Virus For Mac OS X had arrived, but it turned out to only be a relatively innocuous worm embedded in a file called “latestpics.tgz” promising pictures of ‘MacOS X Leopard.’ The worm required the user to download, decompress and execute the file then enter their admin password to cause any damage.”

O’Grady writes, “The first rule of software downloads is obvious: never open a file or attachment from someone that you don’t know. The second is that if it’s too good to be true it probably is. If a download promises you screen shots of Mac OS 10.5 “Leopard” don’t believe it (after all, why not just post the pics?) but never, ever enter your Mac OS X admin password to install something from an unknown source, especially if you downloaded it surreptitiously.”

Full article here.

MacDailyNews Take: Tsk, tsk. So much ado about nothing. The old rules still apply: do not enter your Mac OS X admin password to install anything from an unknown and/or untrusted source.

MacDailyNews Note: We have been affected by a widespread power outage as a result of Friday’s windstorms in the U.S. northeast. We lost power at approximately 9:30am EST yesterday along with approximately 250,000 others. The blackout is still affecting over 120,000 residences and businesses as of this post. Due to our backups currently being unavailable due to other circumstances, we have driven out of the affected area in order to resume posts. The power company currently reports that they expect power to be restored by “Sunday night at the latest.” Thank you for your patience.

Related MacDailyNews articles:
Apple: ‘Leap-A’ not a virus; only accept files from vendors and Web sites that you know and trust – February 16, 2006
Incorrect reports of ‘Mac OS X virus’ begin to circulate – February 16, 2006
New Mac OS X Trojan warning – February 16, 2006

81 Comments

  1. We as Mac users need to trumpet this fact as far and as wide as we can. Don’t let these “news” organizations get away with posting these errors as news and then not having it thrown in their faces that they were WRONG!

    Post the truth everywhere. Forums, discussion boards, mailing lists. Even cite the “journalists” and their respective “news outlets” that got it wrong, I say. Don’t let them off the hook.

    Screw them.

  2. (after all, why not just post the pics?)

    Jason D. O’Grady is a moron, some sites don’t let people post pics and then you need a host as well.

    And since a link can go to a web page which immediately starts a download or not, how are people supposed to know the difference before they click?

    Hang in there MDN!

    We lost some people too, they are A O fscking L

  3. “This week’s ‘Mac virus’ scare turned out to be nothing more than a worm for Mac OS X that propagates through iChat and infects local Mac applications.”

    Excuse me, a worm is a virus. Let me repeat that for those of you who missed it: a worm is a virus. The first virus for OS X has arrived. MDN, it’s time for you to admit the truth.

  4. MacDude, hosting pics is nothing. Safari warns you if a page downloads something dangerous.

    And if someone has pics of Leopard and it ain’t on Apple’s own site, AppleInsider, ThinkSecret, MacRumours, MacBidouille, MOSR, MacWorld, or MDN, then I’m already suspicious.

    However, as I got so roundly pounded a few weeks ago, someone has shown it is possible to create something like this, but to make it work you’ve got to target utter morons.

    Now, I’ll be happy to go back and be smug, because this story is utterly overblown and totally misreported.

  5. Look, the bugs in MS Office are more pervasive than this thing. Of course, the virus protection software guys are predicting the apocalypse….they have to somehow come up with a reason for us to buy virus protection software for a platform THAT DOESN’T HAVE VIRUSES. It’s like the guy who is selling snow-making machines in Fairbanks.

    The virus protection software guys are PRAYING for a mac virus – hell, if they were at all competent, they’d probably write one themselves, but since there just aren’t going to be any real ones, they are going to make something up. And the Windows IT guys administering Macs will buy it hook, line, and sinker…that is the reason that the IT dept. where I work insists on buying institutional licenses and loading and automatically enabling virus protection software on all the Macs distributed in our department. That is also the reason that I end up administering our Macs….the first thing I do is turn off the virus software and the second thing I do is enable ARD…it’s easier than explaining why they are wasting their money.

    MW: makes. As in, virus protection software on a Mac MAKES me laugh.

  6. Some teensy things have been overlooked:

    THIS SO-CALLED VIRUS IS NOT A WORM BECAUSE IT DOESN’T INFECT WITHOUT USER INTERVENTION!!!!

    THIS SO-CALLED VIRUS ONLY WORKS ON A LAN NOT OVER THE INTERNET!!!!

    THE DEFAULT CONFIG OF A MAC IS IMMUNE BECAUSE BONJOUR IS TURNED OFF!!!!

    How come only Mac World picked up that little factoid?
    http://www.macworld.com/news/2006/02/17/leapafollow/index.php

    Sing it! YOU CAN’T GET THIS VIRUS OVER THE INTERNET.

  7. What about the Inqtana ‘worm’? Where are MDN’s denials of that one? True, it’s more like just a soon-to-expire piece of proof that the Bluetooth vulnerability is there, but I expected to see something about it too.

    I have written a couple letters to the magazines and sites myself already… but as far as Leap/A is concerned, there isn’t much the Mac community can do when Sophos themselves adamantly classifies this as a virus. And MDN… a worm IS a virus, as many others have pointed out.

    True or not… utterly idiotic or not… say goodbye to the official “zero-viruses OS X.”

  8. Is this thing a virus/worm or a program? So someone wrote a program that does things I would want it to do? My goodness, my ENTOURAGE that came with my Office Suite does that!

    I’m sorry, but anything that asks me if it can download, asks me if it can run, and then asks me for Administrator access before it does anything doesn’t seem like much of a threat, and certainly not the kind of malicious code found covertly targeting Windows on a weekly basis.

    I would be very upset if my Mac didn’t run a program as it was designed. The scandal would be if it didn’t.

  9. It amuses me how this community are happy to classify any malicious Windows program as a virus when trumpeting how many Windows viruses there are (despite the fact that most of these are trojans, worms, spyware, etc, all requiring user intervention to install) but when it comes to Mac malware they tie themselves in semantic knots in order to deny the possibility that there are potential weaknesses in MacOS. One standard for Apple, another for everything else.

  10. MacDude, hosting pics is nothing. Safari warns you if a page downloads something dangerous.

    Nope, it only warns you that you’re about to download an application.

    Malware has been attached to ordinary images and on web pages.

    Also Javascript malware

  11. You can classify this as a virus if it makes you feel better, but if this is indeed a virus, it has to be just about the lamest one ever written.

    And please tell us how can it be classified as a true worm/virus if it doesn’t have the ability to propagate itself over the internet?

  12. This is definitely the end of Apple computer. Apple fan boys thought that OSX was secure and now we know it is full of holes. It will be a matter of weeks before OSX is overrun with viruses and all Apple users will have to switch to windows to get work done. With the second security problem this week (bluetooth hole) it is obvious that this is the tip of the iceberg and that the tidal wave of viruses, malware, and trojan horses are on their way.

    Finally the computer world can unify behind Windows — a secure, fast, and reliable operating system. This will be the end of overpriced computers that are only sold to rich people that have virtually no software to run.

    Time to short Apple stock!

  13. No no. It certainly doesn’t make me feel better, and indeed it is one of the most lame ‘viruses’ ever written, because the fact remains that any malicious program must be given permission to run by the user. Not to mention the fact that it requires the most stringent of circumstances to work (including that it doesn’t spread over the internet).

    My point is that when Sophos classifies this thing as a virus, there is then very little we ‘mere mortals’ can do to combat that labeling. I am just as much of a Mac fan as the rest of you, I am just injecting a little reality into our combat attempts. 🙁

  14. I think we have two different ‘Reality Check’s.

    @ Reality Check #2: Despite the fact that I don’t label this as a virus if it requires administrator privileges… I was thinking the same thing. Just how drastically would the number of Windows “viruses” decrease if we put the stringent standards on them as we are putting on Leap/A? Just a thought. Double standards are very hypocritical.

    @ Obvious Man: I am fully aware that the Bluetooth vulnerability was patched shortly after Tiger’s release. Blaster, and countless other Windows viruses were patched (with SP2 and the countless security updates), but that doesn’t take away from the fact that they are viruses… because there are always those few who don’t update their systems. Ignorant and unwise, yes, but they are out there nonetheless.

    However,

    (1) In the Mac community, there seem to be far fewer people who don’t update their systems regularly and
    (2) Again, the highly specialized and difficult application where this Bluetooth vulnerability applies makes it a negligible threat, if any at all.

  15. Who the hell double clicks on a JPEG icon? And who computes “in the wild?” I’m in a mid-sized city, so I don’t have anything to worry about, not to mention that I’m using Panther. This is just for Tiger, isn’t it?

  16. To Caruso:

    The purpose of running anti-virus software on a Mac in a corporate network isn’t to keep the Mac from being infected, it’s to keep the Mac from being a carrier used to propagate infected files.

    Macs may not get viruses but they can spread them.

  17. IT IS NOT A WORM IF IT REQUIRES USER INTERVENTION TO ACTIVATE AND PROPAGATE.

    One more time: IT IS NOT A WORM IF IT REQUIRES USER INTERVENTION TO ACTIVATE AND PROPAGATE!

    God I hate the mainstream tech press. Grrrrrrrr. I say we take a few lessons from our Muslim brothers and burn down the Windows embassy.
