First Mac Virus found?

[Greji]

OSX/Leap-A: First ever virus for Mac OS X discovered
Thursday, February 16, 2006 at 22:01 by Rich Kavanagh
Experts at Sophos have announced the discovery of the first virus for the Apple Mac OS X platform.

[img][IMG]http://www.fuckedgaijin.com/forums/attachment.php?attachmentid=425&stc=1&d=1140231247[/img][/IMG]

The virus, named OSX/Leap-A (also known as OSX/Oompa-A) spreads via instant messaging systems.

The OSX/Leap-A worm spreads via the iChat instant messaging system, forwarding itself as a file called "latestpics.tgz" to contacts on the infected users' buddy list. When the "latestpics.tgz" archive file is opened on a computer it disguises its contents with a JPEG graphic icon in an attempt to fool people into thinking it is harmless.

The worm uses the text "oompa" as an infection marker in the resource forks of infected programs to prevent it from reinfecting the same files. More...

[Charles]

This has already been well debunked. It's not a virus nor a worm. It's a trojan, it's disguised as a jpeg to trick people into running it. Even if you click on it, it requests you to enter your password, so you'd have to be really stupid to get suckered by this one.

This is about as infectious as the old "Unix virus." Here is a sample copy:

---Begin Virus---
This is a Unix virus. Send this virus by email to 5 other Unix administrators, then execute the following command:
rm -rf
---End Virus---

[Greji]

This has already been well debunked. It's not a virus nor a worm. It's a trojan,

I don't know Charles, I hope you're right, but Sophos through the link says this

".... Is Leap-A a virus or a Trojan?
Some members of the Apple Macintosh community have claimed that OSX/Leap-A is a Trojan horse, and not a virus or worm, because it requires user interaction (the user has to receive a file via iChat, and manually choose to open and run the file contained inside).

However, this is not the definition of a Trojan horse.

A Trojan horse is a seemingly legitimate computer program that has been intentionally designed to disrupt and damage computer activity. Importantly, Trojan horses do not replicate or have any mechanism of spreading themselves. They have to be deliberately planted on a website, or accidentally shared with another user, or spammed out to email addresses. There is nothing inside a Trojan's code to distribute themselves further to other victims.

Trojan horses do not contain any code to distribute or spread themselves, viruses and worms do.

OSX/Leap-A is programmed to use the iChat instant messaging system to spread itself to other users. As such, it is comparable to an email or instant messaging worm on the Windows platform. Worms are a sub category of the group of malware known as viruses.

Therefore, it is correct to call OSX/Leap-A a virus or a worm. It is not correct to call OSX/Leap-A a Trojan horse...."

[Charles]

I don't know Charles, I hope you're right, but Sophos through the link says this...

Yeah, like I'd listen to a PC antivirus vendor that makes money by spreading paranoia about viruses.

A trojan is a program that masquerades as something else, and tricks the user into running it. A virus, on the other hand, is a self-propagating file that can infect without user intervention.

If you want an unbiased analysis, you can read this report by Andrew Welch of Ambrosia Software, he disassembled it to see how it works. He says it's a trojan.

So far, I have heard exactly zero reports of anyone who was infected by this file, and I've been listening closely. Initial reports indicate it is so badly written that it doesn't even propagate as intended. Welch calls it a Proof Of Concept and not an actual threat. We've seen a few POC attempts on the Mac but no actual infections yet.

[electrocat]

yeah its harmless to 99% of the people that have brains. It also needs for you to use Ichat with Bonjour.. i dont know anyone that uses it. And who the hell uses .tgz files?