Macs Not Safe From Viruses

Many (most?) Mac users chuckle whenever a new virus or worm or trojan horse alarms the Windows world. Mac-ites haven't had to worry too much about being infected by such "malware" due in part to the significantly larger number of Windows users, and the greater ease of hacking into the Windows operating system. Unfortunately, the Mac world may become as dangerous as the Windows world.

Computer security company Sophos says it has found the first Mac OSX worm.

The OSX/Leap-A worm spreads via the iChat instant messaging application, forwarding itself as a file called 'latestpics.tgz' (masquerading as screenshots of OS X 10.5) to contacts on the infected users' buddy list. When the archive file is opened on a computer it disguises its contents with a JPEG graphic icon in an attempt to convince people that it is harmless.

The worm uses the text 'oompa' as an infection marker in the resource forks of infected programs to prevent it from reinfecting the same files but doesn't appear to do any damage.

However resource forks are largely a thing of the past - a legacy from OS 9 - suggesting that few files on up-to-date systems will be infected.

Graham Cluley, senior technology consultant for Sophos which makes anti-virus software for OS X said that Mac users should no longer think that they do not have to worry about viruses.

'Some owners of Mac computers have held the belief that Mac OS X is incapable of harbouring computer viruses, but Leap-A will leave them shellshocked, as it shows that the malware threat on Mac OS X is real,' he said.

He added that, 'Apple Mac users need to be just as careful running unknown or unsolicited code on their computers as their friends and colleagues running Windows,' although there is nothing in this alert to suggest anything of the sort.

Sophos, Symantec, McAfee and Intego have all added the code’s description to their Mac anti-virus software files, which can be downloaded from each publisher’s respective Web site.

If you're a Mac user and you encounter the “latestpics.tgz” file, avoid downloading or running it.