First ever virus for Mac OS X discovered… Again?!?

“They used to call it bird flu … now it’s…” by MFinChina

Jenimi was first to shoot me an email about it, and soon after, system admins on my university mailing list started worrying about it. Sophos is reporting the “first ever virus for Mac OS X discovered”. Apparently they claim that the Leap-A worm spreads via the iChat instant messaging system. Just how true is this?

On April 9th, security firm Intego sent out a press release about the threat of the first Trojan for Mac OS X, named MP3Concept or MP3Virus.Gen. Wired News reported that security experts later on slammed Intego for exaggerating the threat of what the company identified as the first Trojan when it was merely a proof-of-concept which never went out into the wild. Dominic, a UB Mac lab admin, reminded everyone on our list that this new “virus” relied on social engineering to trick a user into downloading and opening malware disguised as an image.

So this isn’t the first time a virus company has tried to be the first to report on a Mac OS X virus. More reports are coming in that the “Leap-A worm” is hard to classify as a virus, since the user has to take several steps for it to be active. The “virus” will not work on its own because this “script” actually requires you to enter your admin password before it can modify the system files it requires. Some people are calling this a trojan, but then again, it also won’t work on its own unless the user purposely installs it. Since it poses as a JPEG file, a strange dialog box popping up to ask for your password should make many cautious. Once it is active though, it is said to spread via AIM/iChat as a file. I find this hard to take seriously though, since it’s not likely to get out in the wild. For all we know, it could be an isolated experiment by yet another anti-virus company to create demand (think Johnny Mnemonic).

If you’re interested to know more, there’s a detailed discussion on

Hat tip to Peter and Jenimi for helping research this article, which is now cited on Blogpulse Spotlight.

6 thoughts on “First ever virus for Mac OS X discovered… Again?!?”

  1. If virus writers are gaining interest in developing for OS X, firstly I would say it is because the Mac is more popular and well known than it used to be.

    Secondly, it could also be the transition to Intel that will allow more non-owners of Apple hardware to load OS X.

    It might not be bad news after all: with the increase in popularity, meaning more people will buy a Mac, it might be cheaper for us to own one after massive production than before.

  2. In order for the virus to enter our computers (be it PC or Mac), a lot depends on the users’ side. If the user understands the threats, there would be a lesser probability that he would end up with an infected computer…

  3. Macs are getting popular for sure… thanks to the popularity of iPods. I can just imagine how some of these anti-virus companies are just waiting to cash in on unsuspecting Mac users’ fear of the unknown. As with everything in life, the price of freedom is eternal vigilance.

  4. Some were written to make use of exploits of current software. An example would be the preview feature of some email clients, which in actual fact opens the emails and executes the code in them.

  5. Another reason why Intel/Microsoft-based systems are so prone to virus attacks is that it is too easy for applications to be run as the administrator account. Software for the PC platform is almost never written with the OS in mind and many liberties are taken with the coding– so much, in fact, that even serious network administrators will find themselves making concessions for poorly designed software to run with higher-than-necessary access just because they don’t have the time or resources to deal with patching every software permutation together and testing them out. Mac apps are tightly integrated with the OS from development to deployment so I don’t even think there will be a huge worry about Linux/Unix-based Int 80h exploits with the new Intel architecture.
