Posted on 02/24/2006 11:24:48 AM PST by Swordmaker
The iChat malware has been dubbed Leap-A by antivirus firm Sophos
FEBRUARY 16, 2006 (TECHWORLD.COM) - Apple Computer Inc.'s Mac OS X software has been hit by a mischievous instant messaging virus -- the first ever to target the operating system.
The virus, dubbed Leap-A by antivirus company Sophos PLC, apparently spreads using Apple's iChat IM service, forwarding itself as a file called latestpics.tgz to an infected user's buddy contacts, according to information from U.K.-based Sophos.
Clicking on the file allows the malware to install and disguise itself as a harmless-seeming .jpeg icon.
Leap-A is believed to have originally been posted on a Web site for Apple users, posing as a software update. Although the virus is benign and is not believed to be spreading in large numbers, it still marks a minor landmark for a system that has come to be seen in some quarters as immune to such mundane security issues.
"It's probably been written for publicity or as a proof-of-concept," said Graham Cluley, an analyst at Sophos. "Some owners of Mac computers have held the belief that Mac OS X is incapable of harboring computer viruses, but Leap-A will leave them shell-shocked, as it shows that the malware threat on Mac OS X is real," he said.
Cluley said that some Apple users were claiming that Leap-A was somehow not a real virus because it required the victim to click on the link, an objection he branded as ridiculous. Many PC viruses needed user interaction to set off infection, he pointed out, and this one is no different.
Despite being aimed at Apple users, the virus follows broader trends in attempting to spread through instant messaging, the new application target of choice. This is seen as a less protected channel and therefore a point of vulnerability.
Although this is unlikely to be the last virus aimed at Apple users, it has a mischievous old-world feel to it. As with PCs, an increasing number of the platform's security concerns now revolve around exploiting specific software vulnerabilities rather than code that aims to spread mayhem as well as itself.
Just this week I received a file that said it came from Mrs. Swordmaker... but she doesn't send email to me... we share the same Mac network and if she wants to send me something she just drops it in my Drop Box. Attached to it was an executable file that contained a Windows Spyware installer masquerading as something else... I don't recall what it was. It obviously came from one of those Windows computers that many on here claim are easy to harden and secure, that had my wife's and my email addresses in the address book, but had somehow gotten hijacked and turned into a zombie. If this email were a little better constructed so as to appear similar to emails Mrs. Swordmaker might send to her friend and it was sent to someone who expects to get such an email from her... why wouldn't they "trust" the attachment?
A spam filter will not filter your friends... the people you have emailed. It CAN filter known, recognizable malware contained in attachments... but that is why the crackers are always trying to come up with something new.
OS X updates using the menu selection are safe... because there are built in checks to assure that the file is coming from Apple. A couple of years ago a proof of concept SPOOF update site was demonstrated... and Apple added the encrypted checks to the Software Update app and to their web site to ensure this could not happen. Microsoft also had the same problem a couple of years ago and actually had to shut down their update website for about a week to fix the vulnerability. DO NOT download OS updates off of non-official sites. There are no guarantees that what you are downloading is sanctioned by the publishers. Use the downloads from official sites only.
The .jpg exif exploit in MS Windows would have scared me if it transported to Mac.
You've seen one Mac virus, you've seen them all. Sure can't say that about Windoze.
Me, I like Unix, and have for the last 20 years....
Just an FYI for those who might be paranoid now (although there is no good reason)... This might lighten your fears a bit:
http://www.versiontracker.com/dyn/moreinfo/macosx/29221
I have tested this... and it works. Thanks, Battman. I am going to ping the list to your find.
SafeTerminal downloaded, installed and checked....all ok.
Thanks!
So let me get this straight, if I don't use ichat, I don't have anything to worry about?
The original file that would infect you with the Leap.A or Oomp.A requires that you download it and install it. This file was named "latestpics.tgz" which it was claimed was a zipped file of pictures of OSX.5 Leopard. It is not... instead it unzipped to what appeared to be a single JPEG image file. You would THEN need to double click THAT resulting file supposedly to see the picture... but it would launch an Application that would install itself on your computer.
It would then look at your "buddy list" in iChat and offer a copy of itself to everyone on your Buddy List... but it can only SEND itself to Buddies who connect via Bonjour, in other words, only to LOCALLY recognizable computers, not over the internet. Those buddies would then have to accept the file, download it, unzip it, etc. (repeat as needed) for it to continue the infection onward.
In addition, it would look in Spotlight to find the last four Cocoa applications that you ran and write itself into the code of those apps... but here is the rub. It can only do that to apps that are specifically installed in your USER Application folder, not the System Application File. VERY FEW Mac users even have a user's Application folder.
Oh... and then those Apps won't work anymore.
The only way you can get the Leap-A malware on your machine is if you take some action to put it there yourself. You might receive a file from a buddy in iChat, or download something from the Internet, or open an attachment to an e-mail message. The program code is presently hiding in what claims to be pictures of OS X 10.5, Apple's next major OS X upgrade. To get Leap-A on your machine, you must (a) receive the file, which is compressed; (b) expand the archive; and (c) double-click what appears to be an image file to execute the code. You cannot get the malware by simply browsing the Internet, reading e-mail, or chatting with friends in iChat.
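The infection chain laid out in the two posts above (a compressed archive, an expanded file that looks like a picture, a double-click that actually runs a program) points to a simple check a cautious user or a mail gateway can make before anything is expanded. The Python script below is an added example, not code from this thread, from Sophos or from Apple: it lists the members of a .tgz in memory without writing anything to disk and flags any entry whose name claims to be an image but whose leading bytes or execute bits say otherwise. The archive, its member names and the fake "latestpics" contents are constructed for the demonstration; the signature table holds the standard JPEG, PNG, GIF, Mach-O and shebang magic bytes.

```python
import io
import os
import tarfile

# Well-known file signatures (leading bytes). The four Mach-O entries cover
# 32/64-bit thin binaries in both byte orders; "#!" marks an interpreter script.
SIGNATURES = [
    (b"\xff\xd8\xff", "jpeg"),
    (b"\x89PNG\r\n\x1a\n", "png"),
    (b"GIF87a", "gif"),
    (b"GIF89a", "gif"),
    (b"\xfe\xed\xfa\xce", "mach-o"),
    (b"\xce\xfa\xed\xfe", "mach-o"),
    (b"\xfe\xed\xfa\xcf", "mach-o"),
    (b"\xcf\xfa\xed\xfe", "mach-o"),
    (b"#!", "script"),
]
IMAGE_EXTS = {".jpg", ".jpeg", ".png", ".gif"}
IMAGE_KINDS = {"jpeg", "png", "gif"}
EXEC_KINDS = {"mach-o", "script"}


def sniff(head):
    """Classify a file by its leading bytes; 'unknown' if no signature matches."""
    for magic, kind in SIGNATURES:
        if head.startswith(magic):
            return kind
    return "unknown"


def audit_archive(data):
    """Inspect a gzip'd tar held in memory and return its suspicious members.

    Nothing is expanded to disk: each regular file is opened inside the
    archive and only its first 16 bytes are read.
    """
    findings = []
    with tarfile.open(fileobj=io.BytesIO(data), mode="r:gz") as tf:
        for member in tf.getmembers():
            if not member.isfile():
                continue
            ext = os.path.splitext(member.name)[1].lower()
            head = tf.extractfile(member).read(16)
            kind = sniff(head)
            reasons = []
            if ext in IMAGE_EXTS and kind not in IMAGE_KINDS:
                reasons.append("named %s but content sniffs as %s" % (ext, kind))
            if ext in IMAGE_EXTS and member.mode & 0o111:
                reasons.append("image-named file carries execute bits")
            if kind in EXEC_KINDS:
                reasons.append("executable content (%s)" % kind)
            if reasons:
                findings.append({"name": member.name, "kind": kind, "reasons": reasons})
    return findings


# Constructed sample: a genuine JPEG header, a text file, and a Mach-O header
# renamed to .jpg and marked executable, the shape of the lure described in
# the thread. The bytes after each magic are filler, not a real image or binary.
SAMPLE_MEMBERS = [
    ("latestpics/photo.jpg", b"\xff\xd8\xff\xe0" + b"\x00" * 60, 0o644),
    ("latestpics/README.txt", b"Leopard preview pictures\n", 0o644),
    ("latestpics/latestpics.jpg", b"\xcf\xfa\xed\xfe" + b"\x00" * 60, 0o755),
]


def build_sample_archive():
    """Pack SAMPLE_MEMBERS into an in-memory .tgz so the audit runs offline."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w:gz") as tf:
        for name, content, mode in SAMPLE_MEMBERS:
            info = tarfile.TarInfo(name)
            info.size = len(content)
            info.mode = mode
            tf.addfile(info, io.BytesIO(content))
    return buf.getvalue()


if __name__ == "__main__":
    for hit in audit_archive(build_sample_archive()):
        print(hit["name"], "->", "; ".join(hit["reasons"]))
```

Run as a script it reports only latestpics/latestpics.jpg, with all three reasons. The check is a heuristic, not a scanner: it reads content rather than trusting the icon or the extension, which is exactly the property the lure relies on, but it says nothing about a genuine image that carries an exploit for the viewer, and the Finder icon that made the file "look like a picture" is not examined at all.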
A good link for completely different view on the subject:
http://www.wired.com/news/columns/0,70257-0.html?tw=rss.technology
(Denny Crane: "I Don't Want To Socialize With A Pinko Liberal Democrat Commie. Say What You Like About Republicans. We Stick To Our Convictions. Even When We Know We're Dead Wrong.")