Mac OS X: The new target

IT security experts warned Apple computer users not to be complacent over the potential of malware after discovering the first virus engineered to attack the Mac OS X platform.

The virus, named Leap-A (also known as Oompa-A), spreads via the iChat instant messaging system, forwarding itself as a file called latestpics.tgz to contacts on the infected user's buddy list.

When the latestpics.tgz file is opened on a computer, it disguises itself with a JPEG graphic icon in an attempt to fool people into thinking it is harmless. The worm uses the text "oompa" as an infection marker in the resource forks of infected programs to prevent it from re-infecting the same files.

What is most important about this discovery is not the worm's payload - Sophos ranks its threat at low and blog Mac Rumors says no Mac OS X vulnerability exists to allow the virus' transmission. Instead, what concerns experts is the fact that a Mac platform, considered far superior to Windows in terms of security, can be infected with malware.

"Some owners of Mac computers have held the belief that Mac OS X is incapable of harboring computer viruses, but Leap-A will leave them shell-shocked, as it shows that the malware threat on Mac OS X is real," said Graham Cluley, senior technology consultant for Sophos. "Mac users shouldn't think it's OK to lie back and not worry about viruses."

In a Sophos web poll of more than 600 computer users, 79 percent think Macs will be targeted more in the future, although more than half do not expect it to reach levels that Windows has seen.

Sophos said it is continuing to examine Leap-A in an attempt to determine how the malware is spreading.

"This is the first real virus for the Mac OS X platform," added Cluley. "Apple Mac users need to be just as careful running unknown or unsolicited code on their computers as their friends and colleagues running Windows."

In a related development, anti-virus firm F-Secure today reported a Bluetooth worm that can also affect Mac OS X.

OSX/Inqtana.A, a "proof-of-concept worm" for version 10.4, spreads from one infected system to another by using a Bluetooth OBEX Push vulnerability. The Bluetooth technology allows Macs to communicate with each other over close distances.

The worm, though, is not considered a threat, F-Secure said.

"Inqtana.A has not been met in the wild, and it uses (a) Bluetooth library that is locked into specific Bluetooth addresses, and the library expires on (Feb. 24)," the company said.

Some security experts said they were not surprised Mac operating systems were being targeted.

"We have speculated that attackers would turn their attention to other platforms, and two back-to-back examples of malicious code targeting Macintosh OS X this week illustrates this emerging trend," said Vincent Weafer, senior director at Symantec Security Response.
