OS X virus 'as easy to catch as Bagle worm': Sophos

Munir Kotadia, ZDNet Australia

17 February 2006 04:06 PM

Tags: leap-a, osx, renepo, opener, bagle, sophos, virus, os x

Apple OS X users can catch the first real virus for Apple's OS X platform as easily as Windows users can catch the Bagle virus, according to anti-virus firm Sophos.

Leap-A or Oompa-Loompa, which was discovered in the wild earlier this week, spreads itself through Apple's iChat instant messaging application. However, in order to become infected, the Mac user must decompress the malicious file then run it, which is exactly what Windows users had to do in order to become infected by the Bagle virus.

Sean Richmond, senior technical consultant at Sophos, told ZDNet Australia that Leap-A has been misreported as a Trojan when it should actually be called a virus.

"It is not a Trojan. It can spread under its own power. It is no more than [Windows users] had to do for the Bagle worm, which came in a password-protected zip file... People would unzip [Bagle] and run the executable inside," said Richmond.

Leap-A is the first piece of OS X malware to be discovered 'in the wild'. In late 2004, a piece of malware dubbed Renepo or Opener by security firms proved that the Mac platform was not being completely ignored by cybercriminals.

Richmond admits that Leap-A is not a big risk, but he said Mac users should see it as a wake-up call.

"We have a low prevalence but it has been seen in the wild, whereas Renepo, which did a lot to decrease OS X security but was never seen in the wild. This is out there rather than being an oddity," said Richmond.


Talkback 9 comments

  1. Mac OSX Virus . . . . Michael -- 20/02/06

    Mmmm. . . . The cynic in me thinks perhaps the back-room boys at the A/V companies are trying to open up a new market.

    1. You should see what some of the AV vendors *could* do Anonymous -- 20/02/06

      Some of the engineers at AV vendors really do know how to write some hardcore virus code.

      I know some of the security engineers at my office have some proof of concept code that they play with, which does some really crazy stuff.

      My point is, 99.9% of in the wild virus/trojans/malware are being written by people who at best are mildly talented. The other .1% would destroy our world if they really focused on writing code.

      If the AV vendors chose to write some new viruses then you can guarantee that we would know about it.

  2. osx 'virus' Anonymous -- 20/02/06

    You're right, Sophos appear to be performing some serious exaggeration with this. It requires at least three things to be done on an OSX.4 system for this worm to execute and it must be done manually. I can't believe the media are accepting the description of this as a virus as 'fact' and running with it! That's what is most disappointing.

    1. Stop defending crap Anonymous -- 21/02/06

      Yeah right, but if it was a Windows PC, and the user had to do the same thing, then it would be Microsoft's fault. This really ticks me off about linux/macos fanboys, they think their OS is invincible and won't accept the reality that their things are nothing more than waiting to be infected POS.

    2. Not defending Anonymous -- 28/02/06

      There will be a time when OS X will have viruses. Never say never. But there is a big difference in the security of Windows and OS X. Viruses have easy access to the kernel on Windows, not so on OS X. Threat level of this trojan is low, and would never make an article if it was Windows based. I do believe the A-V love the publicity on this.

  3. Not a virus, a trojan Anonymous -- 02/03/06

    This is not technically a virus but a trojan. It cannot auto replicate without human intervention. The Windows version could auto replicate because by default Windows autoruns everything. However, this highlights the security philosophy of the various operating systems. Unices (including OSX) have security, Windows doesn't. According to one security website there are about 10 known viruses for Linux, about 15 for OSX and only 83,000 for Windows. Hmmm, what does that tell me...

    1. it tells me... Damon Wynne -- 02/03/06

      It tells me that OS X as a platform doesn't hold the same level of exposure that Windows does.

      Off hand, CERT records around 30ish vulnerabilities for OS X.

      Of those you could make potentially thousands of exploits, just the same as the core vulnerabilities for Windows are exploited by thousands of virus attacks.

      What you fail to realise is that security experts have been telling Mac users for years now that lack of viruses targeted towards OS X does not mean you are protected from attack. There are vulnerabilities that virus writers are only now bothering to expose to attack, and saying that the OS X platform is more secure is not helping you. It's like standing in front of a cannon with a tissue (the Windows user) or with nothing (the Mac user) and saying to the Windows user, "that tissue is going to do nothing to stop the cannon ball, but I am going to do my best to dodge it". The end result will be the same. Lack of protection will see the end system being compromised.

  4. This reminds..... Anonymous -- 03/03/06

    me of Firefox vs. IE. FF was great and then it became more popular and now is almost as insecure to use as IE. "The more popular a software, the more people try to bring it down." This is just the beginning.

  5. You can't patch stupidity pluto_777 -- 03/03/06

    The best thing to do is to use a standard personal account and keep admin separate.
