Hoax, Trojan Horse, Or First Mac OS X Virus?

Mac malware. It had to happen, sooner or later. Looks like it’s sooner. Mac news sites report the first signs of a credible trojan horse threat for Mac OS X Tiger.

“OSX/Leap A” has arrived, ready to infect virgin Macs world wide. Are we prepared for the latest malware, trojan horses, and viruses?

Probably not, though this latest threat appears real, it is NOT a virus.

Sophos, the computer security company best known for “crying wolf” to Mac users, has named this trojan horse OSX/Leap A.

Guess what? They’re advising Mac users to get virus protection and to make sure that their virus definitions are up to date. Duh.

From what I can gather of all the reports, some of which are sensationalist in nature, while others take a more factual approach, this is basic malware, not a virus.

What’s the difference? None, if the offending file wrecks your computer.

That doesn’t appear to be the case with OSX/Leap A.

A trojan horse usually tricks a computer user into thinking it (the file or application) is something different than what it is.

A computer user opens a file, either an attachment or downloaded, which then proceeds to destroy files, or cause general havoc, or copy itself and send itself to other users.

That differs from a virus, which is usually considered self propagating.

Trojan horse malware is relatively simple to create but more difficult to propagate. For example, I could (or a friend; blondes don’t do code) write a simple application that could erase many of your Mac’s documents, music, photos, or applications, and send itself to others.

Once you open the application, it begins doing the dirty deeds, though in most cases it would require you to provide an administrator’s password to be effective.

A virus would be able to propagate automatically, send itself wherever, bypass most of Mac OS X’s security, exploit a hole or weakness in the operating system, and then cause damage.

So far, no true viruses have been reported “in the wild” for Mac OS X Tiger.

OSX/Leap A uses the Mac’s iChat AV and attempts to spread to contacts in the iChat Buddy List.

Andrew Welch from Ambrosia Software points out the basics for Mac users:

1 - you can’t be infected unless you receive the file “latestpics.tgz.”

2 - double click to decompress the zipped file.

3 - double click the file to “open it.”

You’d still be required to enter your password for OSX/Leap A to do the dirty deeds to the rest of your Mac, though such malware could delete many of your files.

As trojan horses go, Welch indicates this one is “not particularly sophisticated.”

Regardless, all mainstream computer operating systems, Mac OS X included, are vulnerable to trojan horses which spread through more “social” contact, rather than automatic replication and distribution.

Is this one a hoax? Apparently not. Is it dangerous? Only if you open it. Will a virus scanning application find it? Probably not.