A new Mac OS X worm is slithering around the Internet, apparently trying to
capitalize on users’ curiosity about the upcoming 10.5 “Leopard” operating system.
Antivirus vendors Fortinet, McAfee, Sophos, Symantec and others dubbed it Leap.A. Security rating firm Secunia has ranked the worm as a “very low risk” and major antivirus vendors have provided updates to protect against it.
Ken Dunham, director of the rapid response team at iDefense,
said the worm first appeared on a Mac users site as a link claiming to be
screenshots of the unreleased Mac OS X 10.5 Leopard system.
The link leads to a file that appears to be a JPEG but is actually the worm executable. Once activated, the worm will delete files on the user’s Mac and send itself to other users via Apple’s iChat instant messaging client.
Leap. A is using a relatively new attack vector with Apple’s iChat instant
messaging application. IM based worms are increasingly common on Windows
PCs but have been nearly non-existent for Mac users.
“Leap.A (CME-4) acts like a combination of a Trojan, virus and worm,”
Dunham commented. “It acts like a Trojan because it masquerades as a JPEG
file, a virus because it attempts to infect executables, and a worm because
it attempts to send copies of itself to others via iChat. This last action
is similar to that of an instant messaging worm on the Windows platform.”
Earlier this week, Apple updated
OS X to version 10.4.5. The actual Leopard 10.5 release is expected by
the end of 2006.