A New Mac Virus? Be Careful What You Wish For!

February 18th, 2006

Some people might have felt safe referring to Mac OS X as the “teflon operating system,” because it was free of real virus threats. Proofs of concept didn’t count. But the news that there is, at last, genuine Mac malware in the wild should end your complacency for good.

The offending file bears the innocuous name latestpics.tgz and was posted earlier this week on one of the Mac Rumors message boards. It purports to contain screen shots of the forthcoming Mac OS 10.5, code-named Leopard. If you actually downloaded and decompressed the file, you would find what appears to be a picture: a file carrying a JPEG icon. According to the folks at Intego, publishers of VirusBarrier, that alleged picture file, when launched, infects the four most recently launched Cocoa applications. Worse, it attempts to replicate itself by sending the file to everyone on your iChat Buddy List.
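As an added example (not code from the article, from Intego, or from Macworld), here is a small Python script that does what the description above implies a careful user should do: judge the contents of a downloaded archive by their leading bytes rather than by the icon or file name they show. The archive and its member files are constructed inside the script and are not the real latestpics.tgz; the Mach-O header values are Apple's published executable magic numbers, and the 0xFEEDFACE form is the big-endian 32-bit layout a PowerPC binary carries.

```python
# Added example: detect a file that looks like a picture but is really a
# Mach-O executable by reading its magic bytes. Sample archive is constructed.
import io
import tarfile

# Leading-byte signatures. Order matters only in that none overlap here.
SIGNATURES = {
    "jpeg":  [b"\xff\xd8\xff"],
    "gzip":  [b"\x1f\x8b"],
    "macho": [b"\xfe\xed\xfa\xce", b"\xce\xfa\xed\xfe",   # 32-bit big/little endian
              b"\xfe\xed\xfa\xcf", b"\xcf\xfa\xed\xfe",   # 64-bit big/little endian
              b"\xca\xfe\xba\xbe"],                       # universal ("fat") binary
}


def sniff(data: bytes) -> str:
    """Return a content type name based on the first bytes, or 'unknown'."""
    for kind, magics in SIGNATURES.items():
        if any(data.startswith(m) for m in magics):
            return kind
    return "unknown"


def audit_archive(blob: bytes) -> list:
    """Open a .tgz held in memory and return (name, sniffed type, suspicious)
    for each regular file. A member is suspicious when its bytes sniff as
    Mach-O code, whatever its name or icon suggests."""
    findings = []
    with tarfile.open(fileobj=io.BytesIO(blob), mode="r:gz") as tar:
        for member in tar.getmembers():
            if not member.isfile():
                continue
            head = tar.extractfile(member).read(16)
            kind = sniff(head)
            findings.append((member.name, kind, kind == "macho"))
    return findings


def build_sample_archive() -> bytes:
    """Constructed sample: one JPEG-like header and one file that carries a
    Mach-O header behind a picture-like name. Neither is a real image or
    program; both are header bytes followed by zero padding."""
    members = {
        "pics/leopard.jpg": b"\xff\xd8\xff\xe0" + b"\x00" * 28,
        "pics/latestpics":  b"\xfe\xed\xfa\xce" + b"\x00" * 28,  # constructed
    }
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w:gz") as tar:
        for name, data in members.items():
            info = tarfile.TarInfo(name=name)
            info.size = len(data)
            tar.addfile(info, io.BytesIO(data))
    return buf.getvalue()


if __name__ == "__main__":
    for name, kind, bad in audit_archive(build_sample_archive()):
        print(f"{name:20s} {kind:8s} {'SUSPICIOUS' if bad else 'ok'}")
```

The point of the check is that an icon is just metadata: the Finder will happily show a picture icon on executable code, so the only trustworthy signal is the file's own header. Running the script flags `pics/latestpics` as Mach-O while `pics/leopard.jpg` sniffs as a JPEG.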

Although Apple’s official stance is that it’s not a virus, just a malicious file, Intego regards it as a triple threat. “First, it is a Trojan Horse, an executable hidden inside a file disguised as a graphic file. Then it is a virus, as it replicates in other applications on a user’s computer. Finally, it is a worm, when it sends itself, via iChat, to other users.”

Although some have suggested that Apple’s switch to Intel would make the platform more vulnerable, this particular infection can apparently only do its dirty work on Macs with PowerPC. I do not think, however, that this is some Internet prankster’s attempt to force us to update our Macs.

To be sure, users of the commercial Mac antivirus applications can now download updated virus definitions that will deal with this threat, which Intego calls Oompa-Loompa and Symantec calls OSX.Leap.A. If you want more of the technical details of the threat and other ways to protect yourself, you’ll want to read an extensive report on the subject from Macworld’s Rob Griffiths. The article also includes links to a comprehensive analysis of the actual file and how it does its dirty work from Andrew Welch, founder of Ambrosia Software.

If you have been telling your friends that viruses cannot infect Macs, now is the time to be realistic about the subject. Before Mac OS X arrived, there were dozens of infections impacting the Classic Mac OS. While most were nowhere near as malicious as the tens of thousands of viruses that have inundated the Windows platform, there were plenty of annoying consequences. Back in the late 1980s, when I was quite naive about such matters, I inadvertently installed an infected application within days after I had purchased a new Mac. The virus was virulent enough to require me to wipe the hard drive and reload all my data. Fortunately, I didn’t create any documents that couldn’t be replaced, but it was a wake-up call.

Over the years, I have warned my readers about practicing safe computing. From time to time, I’ve featured product people from various software security companies on The Tech Night Owl LIVE, because I’ve always believed that freedom from malware on Mac OS X was only temporary. In fact, last week’s episode featured David Loomstein, the newly appointed U.S. Senior Business Development Manager for Intego. I didn’t realize I’d have him back so quickly, but he’ll return on next week’s show to provide more details about Oompa-Loompa.

So where do we go from here? Well, Loomstein says it’s possible for another Internet criminal to add a destructive payload to this file, one that’ll delete your files or perform other malicious acts. As threats go, this one is regarded as fairly low level, but it’s only the beginning, and it’s certain other infections will appear before long. So if you’ve been reluctant to buy a virus protection product, it’s high time to reconsider your decision.

In addition to installing virus protection software, you should be extremely careful about the files you download and open. I know it’s very common for people to send jokes and funny files. It’s easy to relax your guard and just accept any file you get, particularly if it comes from someone you know. Files are often sent during iChat sessions, but there is a default preference, “Confirm before sending files,” that requires your acceptance before a file is actually transmitted to you. You don’t want to turn off that preference. More to the point, if you are offered a file, even if it comes from a family member or friend, confirm they really wanted to send it to you. It’s a dangerous world out there.

I don’t expect that Mac users will confront such threats as frequently as Windows users. Mac OS X is inherently more secure, and I think that Apple’s decision not to call Oompa-Loompa a virus is beside the point. We all need to be protected and vigilant from here on.
