Beware of new Mac malware

There's a new piece of malware aimed at the Mac.

There has been a great deal of debate over whether this is "the first Mac virus!" or whether it's "only" a Trojan. I agree with the MacRumors folks that the debate is largely irrelevant (to everyone except Apple PR and the antivirus-software makers, anyway).

The more important points are:

  • If you download this particular file (on Mac OS X) and open it, some of your applications will probably get infected.
  • The file spreads itself via iChat; if a friend appears to be sending you a file via iChat, you should confirm with the friend that they're actually intentionally sending you the file.
  • Nothing happens unless you actively choose to download and open the file. Always be wary of opening files that people send you, even if they apparently come from friends.

Symantec has a page giving more information about this malware, which they've named OSX.Leap.A.

The Ambrosia Software forums have some useful information as well. In particular, that posting points out that:

  • The malware is buggy (so it's not nearly as effective as it was meant to be).
  • It propagates only through your local "Bonjour" iChat list, not over the Internet.
  • Even if you do download the file, it can't launch itself. (That is, it activates only when you open it, not when you download it.)
  • It doesn't do anything harmful, except that (due to a bug) infected applications may not launch.

Also, I think it only has any effect on OS X 10.4.

So I'd say this particular piece of malware is basically a non-threat. Someone could certainly create a more sophisticated, malicious, and damaging piece of software that uses the same basic mechanism to spread; Mac users should be aware that there's now at least one person actively writing harmful software for OS X. But so far, if you don't open any files you receive from untrusted sources (or from trusted sources that you haven't verified), you should continue to be fine.

It's that "trusted sources that you haven't verified" part that's likely to cause problems, imo. I can easily see myself double-clicking a file that I think is from a friend, if I'm not paying attention.

2 Responses to “Beware of new Mac malware”

  1. Allogenes Kolodny

    This is not related to the post but I thought I’d mention it. You know that you can turn off Livejournal comments, right? That way people would not be tempted to reply there. Go to manage|info and look toward the bottom of the page.

    (Hmmm. I may have posted this comment before and gotten one of those server errors. If this is a duplicate, sorry about that!)

  2. jacob

    I believe that you cannot turn off comments for LiveJournal “journals” that are simply feeds from RSS.

