The first worm targeting Apple Computer's Mac OS X operating system has surfaced, though it does not appear to be widespread or especially dangerous.

Its emergence, however, could indicate that hackers — who have almost exclusively targeted the much-larger Windows PC market — are expanding their attacks, computer-security experts say. (Related item: Apple hackers encounter a poetic warning)

"This could serve as a springboard for more attacks on the Macintosh because it might spawn copycats," says Ken Dunham, director of information security intelligence at iDefense, a VeriSign company.

The so-called OSX.Leap.A worm is designed to spread over iChat, Apple's instant-messaging system. Security experts call it the first notable Mac worm in several years, surfacing in a forum on the popular MacRumorswebsite on Feb. 13.

When launched, it can damage software applications and the operating system, says Vincent Weafer, senior director of Symantec Security Response.

A Web link pointing to the worm offers a sneak peek of screen shots for Leopard, the next major revision of Mac OS X. Those who download the compressed file and attempt to open what looks like a photo file receive the worm, Symantec says.

Writers of malicious software code have historically ignored Macs because about 95% of the world's PCs are Windows-based.

There are hundreds of thousands of viruses and worms aimed at Windows machines.

Conversely, there are about 200 worms and viruses targeting Macs, but they are extremely low-risk and predate OS X, the current Mac operating system, Weafer says.

Source (http://www.usatoday.com/tech/news/computersecurity/2006-02-16-apple-first-worm_x.htm?POE=TECISVA)

*yawns*

The "worm" actually had an error in the code, so essentially it didn't do anything. I am giving it 3 more days before a security update fixes this non issue.

First of all, USA today for your source?

http://news.google.com/news?hl=en&ned=&q=mac+virus&ie=UTF-8&scoring=d

Yeah,

People are gonna run with this. All those times Apple fanatics said that Mac don't get viruses are going to be dredged up, MS losers will revel in it, it'll go on for at least a week.


http://www.macrumors.com/pages/2006/02/20060216234239.shtml

The media hype is going to suck. Hell, Slashdot was really kind with it.

Lol I didn't catch that.

It's not a virus or a worm though. It's a Trojan horse. It's a UNIX executable that's posing as a JPEG. They just copied the icon over from a JPEG. Safari registers it as an application and warns you when you open it. Then it requires even more user intervention to attempt to view it.

And it was a shitty rumor site exclusive!

And it was a shitty rumor site exclusive!I post there. And I missed out. I don't even run as admin at work. =-o

All the fun is gone now!

I'd like a little more warning from OS X when you're handling compressed files. Like a preview mode that lets you see what's inside and some sort of highlight for applications. It'll expose and attempt at disguising applications/exexcutables as other file types.

Well, it kind of does, if you have file extensions on.

Well, it kind of does, if you have file extensions on.Yeah, but everything looks so ugly with extensions on. I just want to see something more than Safari's warning. Along the lines of "Examine Application" after you download it via Safari.

Just read this on BBC news there now. Not too much to worry about, but I guess it does mean that it's possible, and, inevitable that us Mac users will have to worry about viruses/Worms/Trojans at some point in the future.

http://today.reuters.com/news/newsarticle.aspx?type=internetNews&storyid=2006-02-17T012934Z_01_N16227596_RTRUKOC_0_US-APPLE-VIRUS.xml&rpc=22

A web poll of more than 600 computer users*, conducted by Sophos in the wake of the discovery of the first Mac OS X worm, has revealed that 79% believe Apple Macintoshes will be targeted more in future. However, over half of those polled said they did not believe the problem would be as great as for Windows.

Experts at SophosLabs, Sophos's global network of virus, spyware and spam analysis centres, advised users yesterday of the discovery of the Leap-A worm, which can spread via the iChat instant messaging system.

"The bad news is that most people think the situation is going to get worse for Macintosh users, and more threats will be targeted against the Apple community. The good news is that most don't believe it will ever be as big a problem as the one Microsoft Windows faces," said Graham Cluley, senior technology consultant for Sophos. "What's perhaps surprising is that there is a hardcore element of 21% who believe that threat attempts against Mac users will not grow."

"The correct response is to remain calm and take sensible measures to protect your Mac computers in future," continued Cluley. "The Leap-A worm isn't in itself a significant threat, but it should act as a helpful reminder that malware can be written for any computer and that the best protection is through sensible best practise, firewalls, security patches and anti-virus technology. Mac users cannot keep thinking that they are invulnerable to these threats."

Some members of the Apple Macintosh community have claimed that Leap-A is a Trojan horse, and not a virus or worm, because it requires user interaction (the user has to receive a file via iChat, and manually choose to open and run the file contained inside). However, this is not the definition of a Trojan horse.

A Trojan horse is a seemingly legitimate computer program that has been intentionally designed to disrupt and damage computer activity. Importantly, Trojan horses do not replicate or have any mechanism of spreading themselves. They have to be deliberately planted on a website, or accidentally shared with another user, or spammed out to email addresses.

Trojan horses do not contain any code to distribute or spread themselves, viruses and worms do.

Leap-A is programmed to use the iChat instant messaging system to spread itself to other users. As such, it is comparable to an email or instant messaging worm on the Windows platform. Worms are a sub category of the group of malware known as viruses.

Source (http://www.net-security.org/press.php?id=3866)

Am I the only one that's not too worried about this? Or am I being ignorant?

Source (http://www.net-security.org/press.php?id=3866)

Am I the only one that's not too worried about this? Or am I being ignorant?I'm not really worried. I understand the propagation and I'm just more vigilant about what kind of files I download.

^Yeah, ditto.

First of all, USA today for your source?

http://news.google.com/news?hl=en&ned=&q=mac+virus&ie=UTF-8&scoring=d

Yeah,

People are gonna run with this. All those times Apple fanatics said that Mac don't get viruses are going to be dredged up, MS losers will revel in it, it'll go on for at least a week.


http://www.macrumors.com/pages/2006/02/20060216234239.shtml

The media hype is going to suck. Hell, Slashdot was really kind with it.


I actually got my source from Google News. I just picked one random link.

having delt with Sophos I don't trust them at all, their software does one of the worst jobs of dealing with viri, trojans etc that I've ever seen.

And when you downloaded this Trojan that claimed to be an image, you were prompted with the "This Download contains and Application" dialogue. And I recall a few people who wrote widgets that ran harmful terminal commands, but those never really caught on.