Network Computing is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them. Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

First Mac OS X Malware Infects Via iChat

The first piece of malicious code targeting Apple Computer's Mac OS X was identified by several security firms Thursday.

Dubbed "OSX/Leap.a" by McAfee, Sophos, and Symantec, the malware spreads using the Mac's built-in iChat instant messaging service, where it arrives as an IM file transfer. If the recipient opens the "latestpics.tgz" archive file received from someone on her iChat contact list, the payload, actually a compressed Unix shell program, installs. The Unix shell then uses Mac OS X 10.4' Spotlight search tool to sniff out other applications on the machine, and inserts a small bit of code into each application.

First discovered as a posting to the forum posing as screenshots of the next Apple OS, OS X 10.5, or "Leopard," OSX/Leap.a is actually a Trojan, not a worm, since it doesn’t' self-propagate.

"Some owners of Mac computers have held the belief that Mac OS X is incapable of harboring computer viruses, but Leap.a will leave them shell-shocked, as it shows that the malware threat on Mac OS X is real," said Graham Cluley, a Sophos senior technology consultant, in a statement.

"Mac users need to be just as careful running unknown or unsolicited code on their computers as their friends running Windows," he added.

  • 1