OS X virus 'as easy to catch as Bagle worm': Sophos

By Munir Kotadia, ZDNet Australia
17 February 2006 04:06 PM
Tags: leap-a, osx, renepo, opener, bagle, sophos, virus, os x
Apple OS X users can catch the first real virus for Apple's OS X platform as easily as Windows users can catch the Bagle virus, according to anti-virus firm Sophos.

Leap-A or Oompa-Loompa, which was discovered in the wild earlier this week, spreads itself through Apple's iChat instant messaging application. However, in order to become infected, the Mac user must decompress the malicious file then run it, which is exactly what Windows users had to do in order to become infected by the Bagle virus.

Sean Richmond, senior technical consultant at Sophos, told ZDNet Australia that Leap-A has been misreported as a Trojan when it should actually be called a virus.

"It is not a Trojan. It can spread under its own power. It is no more than [Windows users] had to do for the Bagle worm, which came in a password-protected zip file... People would unzip [Bagle] and run the executable inside," said Richmond.

Leap-A is the first piece of OS X malware to be discovered 'in the wild'. In late 2004, a piece of malware dubbed Renepo or Opener by security firms proved that the Mac platform was not being completely ignored by cybercriminals.

Richmond admits that Leap-A is not a big risk, but he said Mac users should see it as a wake-up call.

"We have a low prevalence but it has been seen in the wild, whereas Renepo did a lot to decrease OS X security but was never seen in the wild. This is out there rather than being an oddity," said Richmond.


Talkback 9 comments

    Mac OSX Virus . . . . Michael -- 20/02/06 (in reply to #120129544)

    Mmmm. . . . The cynic in me thinks perhaps the back-room boys at the A/V companies are trying to open up a new market.

    You should see what some of the AV vendors *could* do Anonymous -- 20/02/06 (in reply to #120129545)

    Some of the engineers at AV vendors really do know how to write some hardcore virus code.

    I know some of the security engineers at my office have some proof of concept code that they play with, which does some really crazy stuff.

    My point is, 99.9% of in the wild virus/trojans/malware are being written by people who at best are mildly talented. The other .1% would destroy our world if they really focused on writing code.

    If the AV vendors chose to write some new viruses then you can guarantee that we would know about it.

    osx 'virus' Anonymous -- 20/02/06

    You're right, Sophos appear to be performing some serious exaggeration with this. It requires at least three things to be done on an OSX.4 system for this worm to execute and it must be done manually. I can't believe the media are accepting the description of this as a virus as 'fact' and running with it! That's what is most disappointing.

    Stop defending crap Anonymous -- 21/02/06 (in reply to #120129568)

    Yeah right, but if it was a Windows PC, and the user had to do the same thing, then it would be Microsoft's fault. This really ticks me off about linux/macos fanboys, they think their OS is invincible and won't accept the reality that their things are nothing more than waiting to be infected POS.

    Not defending Anonymous -- 28/02/06 (in reply to #120129614)

    There will be a time when OS X will have viruses. Never say never. But there is a big difference in the security of Windows and OS X. Viruses have easy access to the Kernel on Windows, not so on OS X. Threat level of this trojan is low, and would never make an article if it was Windows based. I do believe the A-V love the publicity on this.

    Not a virus, a trojan Anonymous -- 02/03/06

    This is not technically a virus but a trojan. It cannot auto replicate without human intervention. The Windows version could auto replicate because by default Windows autoruns everything. However, this highlights the security philosophy of the various operating systems. Unices (including OSX) have security, Windows doesn't. According to one security website there are about 10 known viruses for Linux, about 15 for OSX and only 83,000 for Windows. Hmmm, what does that tell me...

    it tells me... Damon Wynne -- 02/03/06 (in reply to #120130048)

    It tells me that os x as a platform doesn't hold the same level of exposure that windows does.

    Off hand, CERT records around 30ish vulnerabilities for os x.

    Of those you could make potentially thousands of exploits, just the same as the core vulnerabilities for windows are exploited by thousands of virus attacks.

    What you fail to realise is that security experts have been telling mac users for years now that lack of viruses targeted towards os x does not mean you are protected from attack. There are vulnerabilities that virus writers are only now bothering to expose to attack, and saying that the os x platform is more secure is not helping you. It's like standing in front of a cannon with a tissue (the windows user) or with nothing (the mac user) and saying to the windows user, "that tissue is going to do nothing to stop the cannon ball, but I am going to do my best to dodge it". The end result will be the same. Lack of protection will see the end system being compromised.

    This reminds..... Anonymous -- 03/03/06

    me of Firefox vs. IE. FF was great and then it became more popular and now is almost as insecure to use as IE. "The more popular a software, the more people try to bring it down." This is just the beginning.

    You can't patch stupidity pluto_777 -- 03/03/06

    The best thing to do is to use a standard personal account and keep admin separate.
