“They used to call it bird flu … now it’s…” by MFinChina
Jenimi was first to shoot me an email about it, and soon after, system admins on my university mailing list started worrying about it. Sophos is reporting the “first ever virus for Mac OS X discovered“. Apparently they claim that the Leap-A worm spreads via the iChat instant messaging system. Just how true is this?
On April 9th, security firm Intego sent out a press release about the threat of the first Trojan for Mac OS X, named MP3Concept or MP3Virus.Gen. Wired News reported that security experts later on slammed Intego for exaggerating the threat of what the company identified as the first Trojan when it was merely a proof-of-concept which never went out into the wild. Dominic, a UB Mac lab admin, reminded everyone on our list that this new “virus” relied on social engineering to trick a user into downloading and opening malware disguised as an image.
So this isn’t the first time a virus company has tried to be the first to report on a Mac OSX virus. More reports are coming in that “Leap-A worm” is hard to classify as a virus since the user has to take several steps for it to be active. The “virus” will not work on its own because this “script” actually requires you to enter your admin password for it to modify the system files it requires. Some people are calling this a trojan, but then again, it also won’t work on its own unless the user purposely installs it. Being a jpeg file, having a strange dialogue box popup to ask for your password should make many cautious. Once it is active though, it is said to spread via AIM/iChat as a jpeg.zip file. I find this hard to take seriously though, since it’s not likely to get out in the wild. For all we know, it could be an isolated experiment by yet another anti-virus company to create demand (think Johnny Mnemonic).
If you’re interested to know more, there’s a detailed discussion on Macrumors.com
Hat tip to Peter and Jenimi for helping research this article, which is now cited on Blogpulse Spotlight