New worm targets OS X chat users


Post by J-M » Thu 16 Feb, 2006 11:12 pm

Details at
http://news.com.com/2102-7349_3-6040681 ... util.print

From the article:
Apple and outside analysts said the program, referred to as Leap-A, is not a "virus" per se. Rather, it "requires a user to download the application and execute the resulting file," Apple said in a statement to CNET News.com. The company provided no further comment on the nature of the program.

The malicious software, which has also been dubbed OSX/Oompa-A and the Oompa Loompa Trojan Horse by other security experts, appears to have spread minimally so far and has achieved low-level threat classifications from McAfee and Symantec.

But security experts cautioned Macintosh users to view the incident as a wake-up call that all operating systems have vulnerabilities.


Anti-virus vendors have several descriptions published:
http://www.f-secure.com/v-descs/leap_a.shtml

http://securityresponse.symantec.com/av ... eap.a.html

and

http://www.sophos.com/virusinfo/analyses/osxleapa.html

Reportedly the worm spreads via the iChat instant messaging system, forwarding itself as a file called latestpics.tgz to contacts on the infected user's buddy list. It will only run on Mac OS X version 10.4.

Some sources called this malware a virus. However, it is not a virus.

Antony, opinions? :) :) There was no information posted to SD701 yet.
Last edited by J-M on Thu 16 Feb, 2006 11:15 pm, edited 1 time in total.

Post by Antony » Thu 16 Feb, 2006 11:17 pm

J-M,
Please see [sdt=10877]this thread[/sdt], it was posted 11 minutes before your post :-)

Antony, opinions? There was no information posted to SD701 yet.
I won't call it a virus. However, Mac OS X is still safe :-)

Post by J-M » Thu 16 Feb, 2006 11:24 pm

Antony wrote: J-M,
Please see [sdt=10877]this thread[/sdt], it was posted 11 minutes before your post :-)

Thanks.
This thread did not exist when I started to post and collect links from several AV company sites. Maybe I forgot to use the Refresh button. :wink:

Many news sources see this as a low threat at the time of writing.

Post by Antony » Thu 16 Feb, 2006 11:36 pm

Remember this proof-of-concept virus (MP3 Trojan horse) targeting Mac OS X, and the company, Intego, behind it?

What was that proof-of-concept about? It's just some "concept". Intego announced that they had discovered such a "proof-of-concept", and they were selling protection software. Intego did make itself a hot topic at that time, for a relatively short period, but then people started to realise Intego exaggerated a stupid "concept" to make itself well known.

And for now? Hardly anyone has heard the name Intego, and when people recall the case, Intego has a bad name.

Post by Antony » Fri 17 Feb, 2006 12:32 am

According to The Mac Observer, Apple released an official statement saying the "proof-of-concept" OSX/Leap-A is not a virus.

Apple Computer released an official statement regarding "OSX/Leap-A," a proof-of-concept piece of malware The Mac Observer reported early Thursday morning. In the statement, which was released to the Wall Street Journal, the company noted that "Leap-A is not a virus, it is malicious software that requires a user to download the application and execute the resulting file."

Leap-A is merely an attempt to disguise an executable program as an image in an effort to trick the recipient into launching the program. Launching a program in Mac OS X requires the user to enter their password, an indicator that should clue most users into the fact that it is not what it appears to be.