«
»

First Worm for Mac OS X?

worminappleSymantec has announced what may be the first virus written to target Mac OS X.

Called OSX.Leap.A, the worm-like virus spreads itself as an iChat file attachment.

But is it a real worm or just a clever script, a genuine threat or a false alarm like others in the past?

Leander Kahney on Cult of Mac considers the options , offering the conclusion that “it may be mostly harmless now, but will likely lead to much nastier versions in the future.”Symantec, ichat, worm, virus, mac osx, OSX.leap.A, false alarm, Leander Kahney

Similar Posts:

Tags: , , , , , , ,

This entry was posted on Sunday, 19th February, 2006 at 12:46 am and is filed under Apple. You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.

3 Responses to “First Worm for Mac OS X?”

  1. Tony Meyer says:
    February 19th, 2006 at 6:55 am

    Calling this a virus is incorrect; it is clearly not a virus.

    Whether it’s a trojan horse that acts like a worm or a worm that uses trojan horse techniques to get installed is really a matter of definition.

    There’s nothing all that new here. If you accept files from people you don’t know (via email, chat, or whatever), you’re an idiot.

    It’s really quite something that OS X is so virus-free that the media (who are astonishingly ignorant about the very subjects that they write about) is so quick to call any sort of malware a virus, when that is definitely not the case.

  2. kurt says:
    February 19th, 2006 at 5:09 pm

    Why is it everywhere I look I find people who clearly don’t know what they’re talking about proclaiming that this isn’t a virus?

    It is a virus – it’s a type of companion infector. It replaces host programs with itself and keeps a copy of those host programs so that when an attempt is made to execute the host program the virus gets executed and then it executes the original host program. Although the most well known companion viruses never had to alter or move their host programs in order to infect them, there are examples of some that did (goldbug, for example).

  3. Tony Meyer says:
    February 19th, 2006 at 6:22 pm

    Sorry, my mistake. Almost no-one is actually saying that it modifies the four most recently used (non-root) applications, which, yes, does make it a virus. I wrote the above comment before I had read Symantec’s outline, which does include that information.

    Just about all the information I’ve read (which I’ve just come across, I’m not interested enough to actually look anything up) describes it as a file that spreads via chat, iff the user accepts it, without mentioning the modification.

Leave a Reply