This thread will be updated from time to time. To discuss each individual case, please follow each each thread.
cause: A proof-of-concept piece of malware, the worm attempts to spread via iChat instant messaging. The worm sends itself to available contacts on the infected users' buddy list in a file called "latestpics.tgz" This worm requires users to enter administrator password.
official words: "Leap-A is not a virus, it is malicious software that requires a user to download the application and execute the resulting file."
solution: (obvious,) don't launch untrusted applications.
update solution: install [sdt=10971]Security Update 2006-001[/sdt]
Safari (launches unsafe file) [sdt=10910]thread[/sdt]
cause: (by default) Safari launches downloaded ZIP archives by itself, no user interaction.
solution: Go to Safari's preferences, and in General preferences un-tick â€œOpen "safe" files after downloadingâ€
UserAgent: Mozilla/5.0 (Macintosh; U; PPC Mac OS X; en) AppleWebKit/417.9 (KHTML, like Gecko) Safari/417.8