OS X virus 'as easy to catch as Bagle worm': Sophos


Apple OS X users can catch the first real virus for Apple's OS X platform as easily as Windows users can catch the Bagle virus, according to anti-virus firm Sophos.

Leap-A or Oompa-Loompa, which was discovered in the wild earlier this week, spreads itself through Apple's iChat instant messaging application. However, in order to become infected, the Mac user must decompress the malicious file then run it, which is exactly what Windows users had to do in order to become infected by the Bagle virus.

Sean Richmond, senior technical consultant at Sophos, told ZDNet Australia that Leap-A has been misreported as a Trojan when it should actually be called a virus.

"It is not a Trojan. It can spread under its own power; it is no more than [Windows users] had to do for the Bagle worm, which came in a password-protected zip file... People would unzip [Bagle] and run the executable inside," said Richmond.

Leap-A is the first piece of OS X malware to be discovered 'in the wild'. In late 2004, a piece of malware dubbed Renepo or Opener by security firms proved that the Mac platform was not being completely ignored by cybercriminals.

Richmond admits that Leap-A is not a big risk, but he said Mac users should see it as a wake-up call.

"We have a low prevalence but it has been seen in the wild, whereas Renepo, which did a lot to decrease OS X security but was never seen in the wild. This is out there rather than being an oddity," said Richmond.


Munir Kotadia


Talkback

9 comments
  • Mac OSX Virus . . . .

    Mmmm. . . . The cynic in me thinks perhaps the back-room boys at the A/V companies are trying to open up a new market.
    anonymous
  • You should see what some of the AV vendors *could* do

    Some of the engineers at AV vendors really do know how to write some hardcore virus code.

    I know some of the security engineers at my office have some proof of concept code that they play with, which does some really crazy stuff.

    My point is, 99.9% of in the wild virus/trojans/malware are being written by people who at best are mildly talented. The other .1% would destroy our world if they really focused on writing code.

    If the AV vendors chose to write some new viruses then you can guarantee that we would know about it.
    anonymous
  • osx 'virus'

    You're right, Sophos appear to be performing some serious exaggeration with this. It requires at least three things to be done on an OSX.4 system for this worm to execute and it must be done manually. I can't believe the media are accepting the description of this as a virus as 'fact' and running with it! That's what is most disappointing.
    anonymous
  • Stop defending crap

    Yeah right, but if it was a Windows PC, and the user had to do the same thing, then it would be Microsoft's fault. This really ticks me off about linux/macos fanboys, they think their OS is invincible and won't accept the reality that their things are nothing more than waiting to be infected POS.
    anonymous
  • Not defending

    There will be a time when OS X will have viruses. Never say never. But there is a big difference in the security of Windows and OS X. Viruses have easy access to the kernel on Windows, not so on OS X. Threat level of this trojan is low, and would never make an article if it was Windows based. I do believe the A-V love the publicity on this.
    anonymous
  • Not a virus, a trojan

    This is not technically a virus but a trojan. It cannot auto replicate without human intervention. The Windows version could auto replicate because by default Windows autoruns everything. However, this highlights the security philosophy of the various operating systems. Unices (including OSX) have security, Windows doesn't. According to one security website there are about 10 known viruses for Linux, about 15 for OSX and only 83,000 for Windows. Hmmm, what does that tell me...
    anonymous
  • it tells me...

    It tells me that os x as a platform doesn't hold the same level of exposure that windows does.

    Off hand, CERT records around 30ish vulnerabilities for os x.

    Of those you could make potentially thousands of exploits, just the same as the core vulnerabilities for windows are exploited by thousands of virus attacks.

    What you fail to realise is that security experts have been telling mac users for years now that lack of viruses targeted towards os x does not mean you are protected from attack. There are vulnerabilities that virus writers are only now bothering to expose to attack, and saying that the os x platform is more secure is not helping you. It's like standing in front of a cannon with a tissue (the windows user) or with nothing (the mac user) and saying to the windows user, "that tissue is going to do nothing to stop the cannon ball, but I am going to do my best to dodge it". The end result will be the same. Lack of protection will see the end system being compromised.
    damon.wynne
  • This reminds.....

    me of Firefox vs. IE. FF was great and then it became more popular and now is almost as insecure to use as IE. "The more popular a software, the more people try to bring it down." This is just the beginning.
    anonymous
  • You can't patch stupidity

    The best thing to do is to use a standard personal account and keep admin separate.
    anonymous