OSX.Leap.A: a near miss for Mac users

“This week’s ‘Mac virus’ scare turned out to be nothing more than a worm for Mac OS X that propagates through iChat and infects local Mac applications. OSX/Leap.A is a wake up call to Mac users that we’re not immune to all the nasties floating around on the Web,” Jason D. O’Grady blogs for ZDNet. “There was a story circulating this week that The First Virus For Mac OS X had arrived, but it turned out to only be a relatively innocuous worm embedded in a file called “latestpics.tgz” promising pictures of ‘MacOS X Leopard.’ The worm required the user to download, decompress and execute the file then enter their admin password to cause any damage.”

O’Grady writes, “The first rule of software downloads is obvious: never open a file or attachment from someone that you don’t know. The second is that if it’s too good to be true it probably is. If a download promises you screen shots of Mac OS 10.5 “Leopard” don’t believe it (after all, why not just post the pics?) but never, ever enter your Mac OS X admin password to install something from an unknown source, especially if you downloaded it surreptitiously.”

Full article here.

MacDailyNews Take: Tsk, tsk. So much ado about nothing. The old rules still apply: do not enter your Mac OS X admin password to install anything from an unknown and/or untrusted source.

MacDailyNews Note: We have been affected by a widespread power outage as a result of Friday’s windstorms in the U.S. northeast. We lost power at approximately 9:30am EST yesterday along with approximately 250,000 others. The blackout is still affecting over 120,000 residences and businesses as of this post. Due to our backups currently being unavailable due to other circumstances, we have driven out of the affected area in order to resume posts. The power company currently reports that they expect power to be restored by “Sunday night at the latest.” Thank you for your patience.

Related MacDailyNews articles:
Apple: ‘Leap-A’ not a virus; only accept files from vendors and Web sites that you know and trust – February 16, 2006
Incorrect reports of ‘Mac OS X virus’ begin to circulate – February 16, 2006
New Mac OS X Trojan warning – February 16, 2006

81 Comments

  1. Like I said before, I’m tired of us Mac users being treated like second class citizens!

    How come Windows users get to have over 70,000 real, hardcore, trash-the-peecee and all files, crash the ATM, subvert the server type malware? While Mac users only get these lame, “concept”, can’t install or propagate without root/admin passwords, “is it a virus?”, nonsense code?

    I think I’ll switch to Windblows.

  2. “Excuse me, a worm is a virus. Let me repeat that for those of you who missed it: a worm is a virus. The first virus for OS X has arrived. MDN, it’s time for you to admit the truth.”

    Well, let me repeat it for you in case you missed it, this isn’t the “first virus for OS X.” It’s no different from MP3Concept, Opener, or any of the other worms/viruses that have been written for OS X over the years that OS X remains impervious to because of its built-in security.

    It’s time for YOU to admit the truth.

  3. To repeat again for the numbskull press–THIS ISN’T THE FIRST OS X VIRUS.

    Plenty have been written for the platform over the years, but they never spread because of the need for user intervention, a result of OS X’s inherent security. Christ, even Paul Thurrott at Wininformant got this part right.

  4. MDN – affected by a power outage?! – methinks someone wanted to have a look at those “Leopard” pics …

    I guess this proves that Mac users are not immune to the same kinds of social-engineering techniques that users of PCs are … Whatever this is, it’s great to see the spirit of the Mac community and the calm and rational way people are speaking about this.

    From what I gather, this program has to be launched to do any damage – this is a far cry from what our PC brethren have to contend with each day.

  5. Trojan, worm… whatever… the user MUST decompress and run an unknown file from an unknown sender and circumvent the Mac’s existing warnings in order to be “infected”. This is hardly a virus.

    All this proves is that after all of Apple’s intensive engineering and installed safeguards, the Mac is still vulnerable to idiot users. Some people just shouldn’t have a computer.

  6. …still has no INTERNET viruses.

    Which is what the masses worry about–with good reason.

    If you want a laugh, check out the size of the infection stated at Symantec. Less than 50!

    All the word play and trolling in the world won’t change the truth: there’s nothing to see here.

    If some ignorant people think this is a reason to fear Macs, then too bad for them. Have fun on Windows, and no skin off my nose.

  7. Before anyone posts any more crap about malware, I’d thoroughly recommend people go read the highly informative article at:

    http://www.kernelthread.com/publications/security/

    which describes the issues of computer security in some detail, for all platforms, in a highly informed manner. Perhaps surprisingly for members of this forum, you’ll learn that MacOS is actually rather poor (relatively) in terms of its security against other UNIX variants and has no formal security accreditation. Even more surprisingly, Windows NT has the highest formal security accreditation of any operating system.

  8. And yet again people are in denial. A virus is “a self-replicating program that spreads by inserting copies of itself into other executable code or documents. ”

    That is exactly what this is. It’s a virus with Trojan and Worm like characteristics. I’d suggest that since Mac users have little to no real experience with malware that they stop talking as if they are experts on the subject.
    Continue to be in denial but facts are facts. The one greatest tool to avoid malware on Windows or the Mac is your brain. Think before you click. That and turn off hiding file extensions. My first Apple arrives this week. Having a virus on it or not isn’t going to make a single difference to me since I’ve had one and only one virus on Windows in the last 12 years. And that was a boot sector virus on 3.11. As long as you exercise a little caution viruses are nothing to worry about.

    Actually more than anything I hope this is a wake up call for Mac users. That more than anything is what scares me. If something highly virulent comes along Mac users are going to be ill prepared. Windows users deal with this **** day in and day out. We are used to this crap. (OK most are. OK some are.) We’ve been inoculated. Mac users continue to tool along without a care in the world secure in the belief that nothing can touch their system. That mentality leaves the door open for some very nice social engineered viruses. And that is where things get interesting: when viruses trick the end user into entering their administrative account password. The most secure system in the world is useless if the person running it can be tricked.

  9. To SiliconAddict: you missed one crucial and most important thing about viruses. A virus propagates without user intervention. Your PC gets infected just because it is ON and ONLINE.

    If it does not replicate and spread and infect WITHOUT user intervention it is not a virus. A virus example is MSBLASTER where the number of infected PCs grew exponentially with time. Why? Because it required NO USER INTERVENTION.

    Silicon, stop spreading FUD: you yourself are no expert on the subject.
    No one has ever said in these forums OS X is 100% bulletproof, we always said that social engineered attacks, where the naive user has to play a part, were possible. Remember Opener? Pretty much the same thing. So not only is this not the first virus on OS X, it is not EVEN the first malware as that, and other concept-proof malware has already appeared many months ago.

    A virus is what happens on Windows where after a few days tens of THOUSANDS of PCs get infected until hundreds of thousands become infected in the weeks to come. This does not happen if there is even the minimal required user intervention to spread the malware, the absence of which is what characterizes a virus.

    The problem in Unix, hence OS X, is the automatic infection of computers. This is what is going to be extremely difficult to achieve. OS X has its roots in BSDUnix. A *real* virus in OS X has to find a way to automatically infect BSDUnix platform by exploiting the OS security flaws, not the user mental flaws sitting in front of the keyboard.

    To conclude: malware on OS X? Oh My! OF COURSE, you just need to convince the user to do a dumb suicidal job and BINGO.
    A virus? Automatic detection of OS weakness, installation, infection, replication, spread, all this without user intervention? This is tough on OS X as it is on Unix family of OSes. Mind, not impossible, but tough. It might come if Apple and the Open Source community stop being proactive in finding and patching security flaws on Unix.

    Now, from your *understanding* of a virus, if I was putting in a shell script something like: ” cd / && rm -rf *” and sending email around asking you to launch the script in that it optimizes bandwidth and DOUBLE YOUR DOWNLOAD SPEED from the internet, and you were gobbling it and naively doing, you would have hammered your computer and cried out loud that your computer was a security swiss cheese?

    If it does not spread by itself without user intervention it is not a virus. Other kinds of malware, relying on user stupidity, are possible on every and any OS. They do not exploit OS weaknesses but exploit the fact that the owner should not use a computer because it is too hard for him to grasp.

  10. More precisely, the Symantec site says the infection rate is 0-49.

    That means that, other than the guys deliberately trying to get infected for documentation purposes, there have been effectively ZERO infections.

    What’s more, considering how hard it is to get this virus and make it do its stuff, I have no doubt it was purposely engineered to be a castrated monster for the purpose of AV publicity.

    As I brainstormed, I thought, I’ve got 7 rooms in my house, including bathrooms. Suppose I have one Mac in each room, and all the Macs are on BONJOUR iChat. Even then, how does this thing get into my house? Via SNAIL MAIL ??

    C’mon guys. This is as much a proof of concept as anything before.

    Where’s the proof that this thing is actively attacking anybody’s Macintosh?? There is no proof.

    In the meantime, I have ClamXav’s Sentry on the job, so quit hollering about how ill-prepared the Mac community is. This site is evidence enough of our awareness, despite the alleged “denial”.

  11. The infection rate 0-49 essentially means there is no infection rate possible to detect. Just a few units here and there means the threat does not have spreading capabilities per se, but requires an uninformed, naive user – to the point of being stupid – in order to infect a machine.

    The 0 means actually that no such *true* infected machine has been reported so far but only from people having tried *on purpose* to get infected just to prove that it could work.

    From our side: Symantec classes the worm as a low threat because it doesn’t automatically infect other’s machines. The company says it has infected less than 50 machines. *see above comment*

    “… this worm will not automatically infect, but will ask users to accept the file, giving potential victims a heads up and the opportunity to avoid infection. The important piece of advice for any iChat users running OSX 10.4 is not to accept file transfers, even if they come from someone on a buddy list.”

    but it has to be a Bonjour iChat session. Regular iChat is not affected.

    However the worm, or Trojan-Work, is a wake-up call for OS X users with a false sense of OS X’s invulnerability: “Now that Leap.A has been discovered in the wild, copycat media-craving individuals will likely launch similar attacks in 2006.”

    OS X is not invulnerable. It is very good, as all other Unices, but not invulnerable. Hence, do not be stupid and believe that whatever you do the OS will save you. If you are a moron and a stupid Mac user, OS X cannot save you from these kinds of threats.

    Do not be the security weakest link nor undermine because of your behavior the OS X inherent security.

    Now, can we put it to rest: we need to put bacon on our tables, what do you expect?

  12. Ya gotta love Rob Griffith’s definition of this [insert malware term of your choice]…

    I quote:

    Is this a virus, a worm, malware, or a Trojan horse?

    Technically, it’s a bit of everything. It’s a virus, in the sense that it attaches itself to other executable code on your Mac. It’s a worm, in that it attempts to self-replicate and spread from machine to machine. It’s a piece of malware, because it can do bad things to your computer. Basically, it’s a piece of malware that’s delivered via a Trojan horse and then acts in both viral and wormy ways.

    OK? Are we done now? The debate about what kind of program this is has been settled. </judge’s gavel pounding>

  13. Wikipedia sez: “Trojan horse programs cannot operate autonomously, in contrast to some other types of malware, like viruses or worms. Just as the Greeks needed the Trojans to bring the horse inside for their plan to work, Trojan horse programs depend on actions by the intended victims. As such, if trojans replicate and even distribute themselves, each new victim must run the program/trojan. Therefore their virulence is of a different nature, depending on successful implementation of social engineering concepts rather than flaws in a computer system’s security design or configuration. …

    Trojans of recent times also contain functions and strategies that enable their spreading. This moves them closer to the definition of computer viruses which operate by spreading on their own and infecting executable files, and it becomes difficult to clearly distinguish such mixed programs between Trojan horses and viruses. However, the defining characteristic of trojans is that they require some user action, and cannot function entirely on their own.”

    That perfectly describes this little piece of malware. It is not a virus; it is a Trojan horse.

    Someday a true MacOS X virus may come along, but we have yet to see that day, in spite of the rabid desire of some on this list.

    Anyone here still insisting this is a virus or worm is just a troll, or M$ apologist spreading FUD, in my book.

  14. MK,

    I was talking to this guy, two weeks ago – at one of the Chinese food places I go to (this one being, not very good, but it is a block away).

    We started talking about computers, and inevitably we got talking about viruses and MARKETSHARE. I tried to explain to him, that the Mac doesn’t get loads of viruses because of low marketshare, but rather its inherent nature. Even briefly explaining the concept of Root, Admin, Standard users on both the Mac and Windows. He politely listened, tho’ it made his eyes glaze over. But, I could tell that he wasn’t having any of it.

    I printed out four essays describing the technical reasons for the Mac’s better security, and left them at the restaurant for him. If he gets them, AND reads them, it’ll be interesting to have a discussion with him in light of this latest development.

    I’m sure he’ll bring this up. But, as I’ve NEVER said to him or anyone that it was impossible for a Mac to get a ‘virus’, only much more difficult – and gave the ‘technical’ reasons why – then I don’t think that I’ve betrayed my own or the Mac community ethos.

    And again, I don’t care that he or anyone else doesn’t like the Mac or won’t use and doesn’t want anyone else using one. I get great satisfaction using the Macs that I’ve owned. If this annoys people, too freakin’ bad.

    [RainDay said: Someday a true MacOS X virus may come along, but we have yet to see that day, in spite of the rabid desire of some on this list.
    Anyone here still insisting this is a virus or worm is just a troll, or M$ apologist spreading FUD]

    I truly believe both of these comments.

  15. Still no viruses that have affected Macs to date and counting. If it can’t spread and propagate it’s not a virus. Viruses go from one machine to the next with no manual human interface and this leap crap is nothing more than a bad application trying to play out like a virus and of course all of the antivirus companies trumpeting their horns so they can get your money for NO REASON!

  16. John you’re wrong….

    Some members of the Apple Macintosh community have claimed that OSX/Leap-A is a Trojan horse, and not a virus or worm, because it requires user interaction (the user has to receive a file via iChat, and manually choose to open and run the file contained inside).

    However, this is not the definition of a Trojan horse.

    A Trojan horse is a seemingly legitimate computer program that has been intentionally designed to disrupt and damage computer activity. Importantly, Trojan horses do not replicate or have any mechanism of spreading themselves. They have to be deliberately planted on a website, or accidentally shared with another user, or spammed out to email addresses. There is nothing inside a Trojan’s code to distribute themselves further to other victims.

    Trojan horses do not contain any code to distribute or spread themselves, viruses and worms do.

    OSX/Leap-A is programmed to use the iChat instant messaging system to spread itself to other users. As such, it is comparable to an email or instant messaging worm on the Windows platform. Worms are a sub category of the group of malware known as viruses.

    Therefore, it is correct to call OSX/Leap-A a virus or a worm. It is not correct to call OSX/Leap-A a Trojan horse.

  17. I think that the whole point is that people are actively trying to create malware to discredit the “macs are safer” statements so often made.

    Any malware that relies on user stupidity works because, and I say this from considerable experience in IT support, the vast majority of users are that stupid!!!!

    As Robert A. Heinlein said “Never Underestimate the Power of Human Stupidity”

    It is Apple’s job to find ways to prevent this, perhaps through creating a quarantine folder for all downloads where they can be checked before moving into a home folder or apps folder. OSX is more secure than anything else but too often we forget the most unsecure part of the computer – the user.

  18. BILL GATES AND GM 

    For all of us who feel only the deepest love and affection for the way computers have enhanced our lives, read on. At a recent computer expo (COMDEX), Bill Gates reportedly compared the computer industry with the auto industry and stated, “If GM had kept up with technology like the computer industry has, we would all be driving $25.00 cars that got 1,000 miles to the gallon.”

    In response to Bill’s comments, General Motors issued a press release stating: If GM had developed technology like Microsoft, we would all be driving cars with the following characteristics (and I just love this part):

    1.  For no reason whatsoever, your car would crash twice a  day. 

    2.  Every time they repainted the lines in the road, you would have to buy a new car. 

    3.  Occasionally your car would die on the freeway for no reason. You would have to pull to the side of the road, close all of the windows, shut off the car, restart it, and reopen the windows before you could continue. For some reason you would simply accept this.

    4.  Occasionally, executing a maneuver such as a left turn would cause your car to shut down and refuse to restart, in which case you would have to reinstall the engine. 

    5.  Macintosh would make a car that was powered by the sun, was reliable, five  times as fast and twice as easy to drive – but would run on only five percent of the roads. 

    6.  The oil, water temperature, and alternator warning lights would all be replaced by a single “This Car Has Performed an Illegal Operation” warning light. 

    7.  The airbag system would ask “Are you sure?” before deploying. 

    8.  Occasionally, for no reason whatsoever, your car would lock you out and refuse to let you in until you simultaneously lifted the door handle, turned the key and grabbed hold of the radio antenna. 

    9.  Every time a new car was introduced car buyers would have to learn how to drive all over again because none of the controls would operate in the same manner as the old car.

    10.  You’d have to press the “Start” button to turn the engine off. 
