Symantec Security Response: OSX.Leap.A

Symantec Security Response: OSX.Leap.A

Symantec Security Response has today identified a new worm that targets users of the Macintosh OSX. 10.4 operating system. Currently categorised as a Level 1 threat (on a scale of 1 to 5, with 5 being most severe), OSX.Leap.A is a worm with file infecting functionality, which spreads via the iChat Instant Messaging program.

The worm makes use of the Spotlight search program, included in OSX, and will run each time the machine boots. It identifies any applications being started and if iChat begins to run, it uses this to send the infected file - latestpics.tgz - to all contacts on the infected user's buddy list. Those on the buddy list will then be asked to accept the file, which, if they accept, will subsequently be saved to their hard drive.

"As with some of the threats to mobile devices that we have seen, this worm will not automatically infect, but will ask users to accept the file. This gives potential victims a heads up and the opportunity to avoid infection, by not accepting the file. The important piece of advice for any iChat users running OSX 10.4 is not to accept file transfers, even if they come from someone on a buddy list. It is also possible to set iChat to ask for permission before sending a file. If this option is set and users are asked to confirm that they want to send a file -- when they were not aware that they were doing so -- alarm bells should ring," said Kevin Hogan, senior manager, Symantec Security Response.

In addition to using worm-like propagation techniques, OSX.Leap.A is a file infecting virus. This kind of behaviour was common in the days of DOS viruses and Hogan adds: "Interestingly, we are starting to see a slight increase in file infectors, with this being the third recent example.

Although any potential victims will be alerted and have to accept a file before infection can take place, if they do so, it is unlikely that they will be aware that they have fallen prey to this - when applications are run, they will do so normally"

Users of Macintosh OS X 10.4 are advised to ensure that iChat will request permission before transferring a file and not to accept incoming files. Antivirus and firewall software, as well as operating systems, should be kept up-to-date, to provide maximum levels of security.

More information is available at http://securityresponse.symantec.com/avcenter/venc/data/osx.leap.a.html

ENDS