First Mac OS X Virus? Apple Says No
Loyalists on both sides of the Mac versus Windows debate shot into action Thursday following news that the first virus had been spotted for Apple's operating system. The malware, dubbed Leap.A, spreads through iChat and infects local applications. But Apple downplayed the threat, saying malicious software is different from a virus.
According to security firm F-Secure, Leap.A is simply a standard executable compiled for Mac OS X. It is distributed as an archive called latestpics.tgz. "First it drops an icon resource and an external hook bundle which is used for spreading through iChat," the company said in an advisory.
Once Leap.A is activated, when any iChat user changes his or her status, the worm initiates a file transfer for the latestpics.tgz archive. The file transfer takes place in the background and is hidden from the user.
In addition, the malware replaces all applications that have been used in the last month with itself, saving the original executable as a resource fork with the same filename. According to F-Secure, "When the application is opened the worm activates first, then it runs the original application from the resource fork."
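The behavior F-Secure describes leaves a checkable trace: an application whose main executable carries a resource fork. The following sketch is an added example, not code from F-Secure, Apple or this article; it assumes the standard bundle layout (Contents/Info.plist, Contents/MacOS), reads the fork through the macOS `..namedfork/rsrc` path, and its function names are hypothetical. A hit is a lead for inspection, not a verdict.

```python
import os
import plistlib

def fork_size(path):
    """Size in bytes of the resource fork of `path` (0 if none). macOS only."""
    try:
        return os.path.getsize(os.path.join(path, "..namedfork", "rsrc"))
    except OSError:
        return 0  # no fork, or a filesystem without named forks

def main_executable(app):
    """Path of the bundle's main executable as named in Info.plist, or None."""
    try:
        with open(os.path.join(app, "Contents", "Info.plist"), "rb") as f:
            name = plistlib.load(f).get("CFBundleExecutable")
    except Exception:  # missing, unreadable or malformed plist
        return None
    if not name:
        return None
    exe = os.path.join(app, "Contents", "MacOS", name)
    return exe if os.path.isfile(exe) else None

def suspicious_apps(root, get_fork_size=fork_size):
    """Return (app, executable, fork_bytes) for every bundle under `root`
    whose main executable has a non-empty resource fork."""
    hits = []
    for dirpath, dirnames, _ in os.walk(root):
        for d in list(dirnames):
            if d.endswith(".app"):
                dirnames.remove(d)  # do not descend into the bundle itself
                app = os.path.join(dirpath, d)
                exe = main_executable(app)
                size = get_fork_size(exe) if exe else 0
                if size > 0:
                    hits.append((app, exe, size))
    return sorted(hits)

if __name__ == "__main__":
    # /Applications is an assumed scan root; pass any directory of bundles.
    for app, exe, size in suspicious_apps("/Applications"):
        print(f"{app}: {exe} has a {size}-byte resource fork")
```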
Leap.A first cropped up on a MacRumors forum, purportedly as a screenshot of Mac OS X 10.5, code-named Leopard. Security vendors including McAfee and Symantec have labeled the file a "low-level threat" and experts have largely characterized it as an example of potential risks Mac OS X users face.
In a statement, Apple disputed that Leap.A was a virus, calling it "malicious software that requires a user to download the application and execute the resulting file."
"Apple always advises Macintosh users to only accept files from vendors and Web sites that they know and trust. We have a guide to safely handling files received from the Internet," the company said.
Still, virus or not, Leap.A has sparked discussion about whether Apple's UNIX-based operating system will prove as vulnerable as Windows. Security has become a top focus of Microsoft over the past two years, and Windows Vista is slated to bring a number of enhancements to protect users. Mac users have largely been spared such troubles, but that could change, analysts say.
"I've seen blogs and news sites suggesting that the so-called iPod effect is increasing Mac sales, putting more Macs in use and making Apple's operating system a bigger target. I don't believe it," commented Jupiter Research senior analyst Joe Wilcox. "There are 42 million-plus sold. Anyone see a viable, mass iPod virus?"
However, Wilcox notes that Apple's move to the Intel platform could also bring the first big security problems. "The volume of hackers sure does appear to be greatest on computers running Intel or AMD processors. Now, alongside Windows and Linux, those hackers can run Mac OS X."
Adds Wilcox: "My concern: Of the nearly two dozen people I know with Macs at home, I'm the only one using antivirus software. When trouble comes, many Mac users won't be prepared."