OSX.Leap.A: a near miss for Mac users

“This week’s ‘Mac virus’ scare turned out to be nothing more than a worm for Mac OS X that propagates through iChat and infects local Mac applications. OSX/Leap.A is a wake up call to Mac users that we’re not immune to all the nasties floating around on the Web,” Jason D. O’Grady blogs for ZDNet. “There was a story circulating this week that The First Virus For Mac OS X had arrived, but it turned out to only be a relatively innocuous worm embedded in a file called “latestpics.tgz” promising pictures of ‘MacOS X Leopard.’ The worm required the user to download, decompress and execute the file then enter their admin password to cause any damage.”

O’Grady writes, “The first rule of software downloads is obvious: never open a file or attachment from someone that you don’t know. The second is that if it’s too good to be true it probably is. If a download promises you screen shots of Mac OS 10.5 “Leopard” don’t believe it (after all, why not just post the pics?) but never, ever enter your Mac OS X admin password to install something from an unknown source, especially if you downloaded it surreptitiously.”

Full article here.

MacDailyNews Take: Tsk, tsk. So much ado about nothing. The old rules still apply: do not enter your Mac OS X admin password to install anything from an unknown and/or untrusted source.

MacDailyNews Note: We have been affected by a widespread power outage as a result of Friday’s windstorms in the U.S. northeast. We lost power at approximately 9:30am EST yesterday along with approximately 250,000 others. The blackout is still affecting over 120,000 residences and businesses as of this post. Due to our backups currently being unavailable due to other circumstances, we have driven out of the affected area in order to resume posts. The power company currently reports that they expect power to be restored by “Sunday night at the latest.” Thank you for your patience.

Related MacDailyNews articles:
Apple: ‘Leap-A’ not a virus; only accept files from vendors and Web sites that you know and trust – February 16, 2006
Incorrect reports of ‘Mac OS X virus’ begin to circulate – February 16, 2006
New Mac OS X Trojan warning – February 16, 2006

81 Comments

  1. The headlines need to say:

    “MAC OSX REMAINS RESISTANT TO VIRUS ATTEMPT”

    Can ANYONE find someone who has been affected by this thing? Surprise surprise, no they can’t – the only people ‘affected’ were experimenting with it to take it apart…

  2. OK thanks for that Jason – I see it took about four minutes of the posting for the suspicions to have been raised. I count about 3 people affected and the same number of others that were suspicious enough not to have opened the file…

    It shows we need to be alert, but I agree with the general view that this is proof of concept and not a real threat.

    I will continue to maintain that the ratio is still 100,000 to zero of Winbox viruses to Mac ones!

  3. Leap.A is a trojan, a virus, and a worm. The terms are not mutually exclusive.

    I read the Macworld article so don’t quote it at me. The fact is that once Leap.A has infected an app, if I take that app and drag-and-drop it (and Leap.A infects primarily drag-and-drop apps) onto a zip disk or a hard drive or burn it to a CD, and move that zip disk or HD or CD to another Mac and then run the app, it WILL infect that other Mac.

    That’s an old-school virus, pure and simple, from before the days of the internet. This thing spread JUST LIKE THE OLD MAC OS 6 AND 7 VIRUSES did. There is NO DIFFERENCE. Remember that. It’s a virus.

    It is also a worm. If my machine is infected and I connect to a particular type of network (Bonjour-enabled iChat), then it sends itself spontaneously without my intervention. Yes, the user on the other side has to accept the file, BUT THAT IS TRUE OF ALMOST ALL INTERNET WORMS. The point is, I do not have to send an infected file over the network. It sends itself spontaneously upon connection. THAT MY FRIENDS IS AN INTERNET WORM.

    And finally, it is of course a trojan horse since it is available for download and pretends to be something else.

    None of these terms are mutually exclusive, and many many specious arguments that assume they are have been made here. Leap.A is without a doubt a virus. By the definition of virus that a lot of you people are going by, there can’t have been any viruses before people were connected to the internet and THAT IS PATENTLY NOT TRUE. Read your history. The entire first and second generations of virus are simply malicious code that gets transferred with a host file and replicates upon the launching or opening of that file. Leap.A DOES THIS! ONCE IT HAS INFECTED YOUR MACHINE IT DOES NOT REQUIRE A PASSWORD TO INFECT OTHER FILES ON YOUR MACHINE AND THEN BE CARRIED WITH THOSE FILES TO OTHER MACHINES AND INFECT THEM, AGAIN, WITHOUT A PASSWORD.

    It’s a virus. Pack it in people.

    For the record I think the Mac is inherently FAR MORE SECURE than Windows and not just because of obscurity, but face the facts people. Virus. Worm. Trojan. This is all three.

    DB.

  4. Reading this discussion leads me to believe that the situation is much worse than we all believe. It seems clear to me that most of your macs have already been infected by a potent virus.

    It seems the virus is modifying the posts of reasonable and prudent people so that almost every other one is changed into a frenzied, emotional outburst devoid of rational thought and fact.

    The end result to someone like me, who is following this thread, is to see what appears to be normally intelligent people actually arguing over something so inane that it makes no difference who is ultimately correct.

    Now the GOOD NEWS! For all of you worried about your late model mac being infected with this virus, the Leap/A trojan, or the Bluetooth issue, I will do you a huge favor and take those infected macs off your hands for $100 each. That’s a hundred bucks whether your disease-ridden mac is a 17″ Powerbook, a Powermac Quad G5 or even a lowly G4 iBook. I’ll save you from all further security threats as well as the embarrassment of continuing in this discussion, and give you $100 too. You’ll never get such an offer from Apple. The line forms to the right…

    DbD

    p.s. Mr. or Ms. “Whatever”, The guy in the Chinese restaurant who you lectured on mac security and even printed him essays to read, I think it’s safe to say you won’t be seeing him again (if he can possibly help it). Nice job portraying the average mac user as a rabid, meal-spoiling nut. That’s how No Smoking started in restaurants!
