RealTime IT News

Apple Users: Beware of Leopard Links

A new Mac OS X worm is slithering around the Internet, apparently trying to capitalize on users' curiosity about the upcoming 10.5 "Leopard" operating system.

Antivirus vendors Fortinet, McAfee, Sophos, Symantec and others dubbed it Leap.A. Security rating firm Secunia has ranked the worm as a "very low risk" and major antivirus vendors have provided updates to protect against it.

Ken Dunham, director of the rapid response team at iDefense, said the worm first appeared on a Mac users site as a link claiming to be screenshots of the unreleased Mac OS X 10.5 Leopard system.

The link leads to a file that appears to be a JPEG but is actually the worm executable. Once activated, the worm will delete files on the user's Mac and send itself to other users via Apple's iChat instant messaging client.

Leap. A is using a relatively new attack vector with Apple's iChat instant messaging application. IM based worms are increasingly common on Windows PCs but have been nearly non-existent for Mac users.

"Leap.A (CME-4) acts like a combination of a Trojan, virus and worm," Dunham commented. "It acts like a Trojan because it masquerades as a JPEG file, a virus because it attempts to infect executables, and a worm because it attempts to send copies of itself to others via iChat. This last action is similar to that of an instant messaging worm on the Windows platform."

Earlier this week, Apple updated OS X to version 10.4.5. The actual Leopard 10.5 release is expected by the end of 2006.