Thursday, February 16, 2006

A live Mac OS X virus?

The Register is reporting that a OS X Trojan has been sighted in the wild for the first time. Apparently the worm, dubbed Leap-A by Sophos, spreads via iChat instant messaging, forwarding itself as a file called latestpics.tgz to contacts on the infected users' buddy list.

Update: More from the Washington Post, Slashdot and MacRumours. Andrew Welsh has done some initial disassembly of the worm and posted his results on the Ambrosia Software web boards. The worm apparently uses Spotlight to find the other applications on the infected machine and then inserts a stub code into each executable. Andrew concludes that,
In the end, it doesn't appear to actually do anything other than try to propagate itself via iChat, and unintentionally prevent infected applications from running - Andrew Welsh
Update: More on OSX/Leap.A from F-Secure...

Update: News of the worm has finally made it into the mainstream media...