UGN UGN news

Information on Mac OS X Trojan Horse


from MacTech Magazine

There's a been a lot of hoopla about the "first" Trojan Horse on Mac OS X. As those that have been around the industry for years know, this is not the first infection on the Mac, but the Mac is well known for not being ladened with virus, malware, adware, trojan horses, and worms.

As first reported by readers of MacRumors.com, and discussed with great detail on Ambrosia Software's web site at: www.ambrosiasw.com a file called "latestpics.tgz" was posted, claiming to be pictures of "Mac OS X Leopard." For those of you that don't know, Leopard is the code name for the next major release of Mac OS X, version 10.5.

Most in the industry are calling this a trojan horse, but some are calling it a virus (although it's non-virulant.) It has been nick-named the "Oompa-Loompa" (aka "OSX/Oomp-A") for because it is checking for the attribute "oompa." It's also being called "OSX/Leap-A" or "OSX/Leap".

What is important to know about this trojan horse is that it's not particularly easy to catch, and you should not panic. As Andrew Welch at Ambrosia Software describes:

You cannot be infected by this unless you do all of the following:
1) Are somehow sent (via email, iChat, etc.) or download the "latestpics.tgz" file
2) Double-click on the file to decompress it
3) Double-click on the resulting file to "open" it
...and then for non-Admin users, it fails to infect most applications.

OSX/Leap-A will require an administrator password if you are not running as an administrator.

You cannot simply "catch" the virus. Even if someone does send you the "latestpics.tgz" file, you cannot be infected unless you un-archive the file, and then open it.

Symantec has a very detailed look at what the virus looks like, and what happens when you open it at: securityresponse.symantec.com

Anti-virus maker Sophos has a description of OSX/Leap-A (which they term a virus) on their web site at: www.sophos.com

Like the others, Intego, makers of VirusBarrier, has already updated their software and has a FAQ posted to their site at: www.intego.com

And last, but not least, McAfee has updated their software and talks of the characteristics of OSX/Leap at vil.nai.com

As reported by MacCentral, Apple commented with a statement "Leap-A is not a virus, it is malicious software that requires a user to download the application and execute the resulting file," said Apple. "Apple always advises Macintosh users to only accept files from vendors and Web sites that they know and trust. We have a guide to safely handling files received from the Internet at docs.info.apple.com

MacTech

UGN Site Navigation:

Return to: the top of this page, or the INDEX for this department
Exit to: The User Group Network front page
Contact: The Editor, Webmaster or Membership Director

CREDITS:
This message comes to you from MacTech Magazine at www.mactech.com -- the Mac(tm) OS Technical News and Info server. ... Event dates are subject to change. Some products, programs, or promotions are not available outside the U.S. Prices are estimated retail prices and are listed in U.S. dollars. Product specifications are subject to change. Apple, the Apple logo, Mac, Mac OS, Macintosh, Power Mac, Velocity Engine, FireWire, AirPort, Safari, Sherlock, QuickTime, iLife, iTunes, iChat, iPhoto, iMovie, iDVD, iCal and Apple Store are either registered trademarks or trademarks of Apple. Other company and product names may be trademarks of their respective owners. Mention of third-party products is for informational purposes only and constitutes neither a recommendation nor an endorsement.

 

The User Group Network is a member of:, the MUG News, and is sponsored in part by: The Design & Publishing Center, The News Serve Network, and the Designers' Bookshelf. The User Group Network is the first, and the original user group network for computer users everywhere including, Apple, Mac-Pro, User Group Organization to support Macintosh, IBM PC, Microsoft, Compaq, Amiga, BE/OS, Linux, UNIX, and other leading computer platforms. Hosting services are provided by The Graphic Design Network to serve the computing community. For information about the UGNetwork, to get involved or have your own groups' home page located at user-groups.net, please contact us. Copyright 1994 through present. This site is maintained in the community interest by The Graphic Design Network c/o Showker Graphic Arts & Design, a Corporation of the Commonwealth of Virginia, Commonwealth of Virginia, 22801, Harrisonburg, VA, in the Shenandoah Valley of Virginia, established in 1972.

Valid HTML 4.01!