[TETENAL]

Originally Posted by theolein

symantec and MyAffee have given it a name: OSX/Leap-A

Is that short for "Leap Ahead"?

[ghporter]

For the record, being right about this sort of thing eventually happening "in the wild" is completely unsatisfying.

The "A" in "Leap-A" is almost certainly A as in before B...Symantec tends to letter variants. Unfortunately I can't find anything about why they called it "Leap" to begin with.

Please note that Symantec, F-Secure and McAfee have all not only studied the thing in depth but have fixes and definition files out already-and have for several hours. This system works and works well.

[Geobunny]

Originally Posted by ghporter

Please note that Symantec, F-Secure and McAfee have all not only studied the thing in depth but have fixes and definition files out already-and have for several hours. This system works and works well.

As has ClamAV and hence ClamXav. Unfortunately, I'm none the wiser as to why it's called Leap either

[alphasubzero949]

Maybe because we have "lept" into the Windows world?

[Back up 15 and punt]

You know one of the best ways Apple could help protect the using public would be to simply flag any extension that should not be an executable. For instance, if a file is being downloaded that has an extension of .jpg and it has an executable embedded in it the OS should simply say the this is likely to be malware, virus or something else that should not be. That would make it very hard for any virus to infect your computer.

[brachiator]

Originally Posted by SirCastor

Yeah, but do you know how annoying it is for a power user to be stuck with an account that doesn't allow you to do anything? I guess for the majority of users, that's probably the best solution, but for things I do, I don't think I could stand it.

Well, it would be a dialog a power-user could quit out of without installing the non-admin account. One wouldn't be forced to create the non-admin, but one would have to click through a few "Are you really super-sure you want to do this?" dialogs.

I look at it as to protect people like my dad. His PC has been acting up so much that he's seriously thinking of getting an iMac, although some remedial work I did on his PC and my strong advice to not buy an Intel iMac until rev2 has cooled his jets a bit. But he might be just the sort of Joe User who'd get caught by the social engineering aspect of this... maybe not, but maybe. So I'd be fine, as a quasi-power-user, with having to monkey a bit to get around installing the non-admin account, so long as I knew it was going to protect someone else who's just a plug-n-play person, like my dad.

I've never run a non-admin account. By some lights, that makes me a dumbass, I guess. I think I'll try one and see what happens.

[moonmonkey]

Originally Posted by Back up 15 and punt

You know one of the best ways Apple could help protect the using public would be to simply flag any extension that should not be an executable. For instance, if a file is being downloaded that has an extension of .jpg and it has an executable embedded in it the OS should simply say the this is likely to be malware, virus or something else that should not be. That would make it very hard for any virus to infect your computer.

This would not help us, Leap-A was only disguised by the author pasting a custom icon onto it, it did not have the wrong file extension.

[Back up 15 and punt]

Originally Posted by moonmonkey

This would not help us, Leap-A was only disguised by the author pasting a custom icon onto it, it did not have the wrong file extension.

I disagree. If you have a file that describes itself as a jpeg, mp3 or something else and it contains and executable then it would be very easy to stop it or simply warn a user that their in danger of unleashing a possible virus or trojan.

[theolein]

1. It does NOT have a file extension.
2. In Get Info it DOES describe itself as an application.
3. It has the icon of a preview document, just like any generic jpeg, tif etc would have.
4. People double click on it anyway.
5. Mac users can be frightenly dumb.

[B Gallagher]

I'm now considering creating a new Admin account on my computer, and changing my default account to a standard account.

Do you think this would be worth it?

[B Gallagher]

Also - has there been any official response from Apple about this?

[CharlesS]

Originally Posted by ghporter

The "A" in "Leap-A" is almost certainly A as in before B...Symantec tends to letter variants. Unfortunately I can't find anything about why they called it "Leap" to begin with.

Because moki's suggestion of "Oomp-A" when he submitted the thing to Sophos was just not boring enough?

[ism]

Originally Posted by B Gallagher

I'm now considering creating a new Admin account on my computer, and changing my default account to a standard account.

Do you think this would be worth it?

Yes.

[moonmonkey]

Originally Posted by Back up 15 and punt

I disagree. If you have a file that describes itself as a jpeg, mp3 or something else and it contains and executable then it would be very easy to stop it or simply warn a user that their in danger of unleashing a possible virus or trojan.

It doesn't matter if you agree or disagree
If a program has the file extension of a document ( .jpg) it will not execute anyway.

So you idea is a bit useless.

Sorry!

[alphasubzero949]

Originally Posted by B Gallagher

Also - has there been any official response from Apple about this?

Yes, in the form of locked and deleted threads on their discussion forums.

[ism]

Originally Posted by moonmonkey

If a program has the file extension of a document ( .jpg) it will not execute anyway.

But it could have the extension of '.jpg ' with that oh so important space. That's where the real trouble is

[moonmonkey]

Originally Posted by ism

But it could have the extension of '.jpg ' with that oh so important space. That's where the real trouble is

But it still wouldn't execute so whats the problem?

[JKT]

Originally Posted by CharlesS

Because moki's suggestion of "Oomp-A" when he submitted the thing to Sophos was just not boring enough?

He originally suggested Oompah-Loompah as the name and they said it was too long. By the time he had suggested Oomp-A, they'd already released their press releases with Leap-A (although, in my view, they probably just didn't want to give it a cute name as it doesn't make it sound threatening enough).

I dislike the way this has been reported in the media - in 90% of the reports it is "Sophos/Symantec/Intego has discovered..." etc. which implies that these anti-virus companies were the ones who found the virus and worked it all out and thus deserve all the "glory" (and the implied effect of "hey, we're so good, just see how vigilant we are and how we've been looking out for all you folk - now buy our product!") when it was the initial victims and moki who did most of the legwork. Hello - the victims may have been stupid enough to have this happen to them in the first place, but at least they were aware enough to realise what was going on once it started happening... a quick reaction will have stopped this from going much further than just a few people and they at least deserve some credit for that.

[ism]

Originally Posted by moonmonkey

But it still wouldn't execute so whats the problem?

I might have missed something you've said or misunderstood you (I apologise if I have), but this case does execute and would fool most people at first glance:

http://forums.macrumors.com/showpost...&postcount=148

[ghporter]

I agree that some news reports are crediting the AV companies instead of users for discovering the thing. In the real world, viruses are identified by users and IT departments that report unusual or obviously malicious activity to AV companies which then study the stuff and confirm it's truly malware.

But remember, news doesn't have to really reflect the real world. If it did, we'd all know a lot more about what happened in Harrison County, Mississippi because of Hurricane Katrina, nobody would have suggested that Cheney "shot" his friend, and so on... </bitter sarcasm>

[brachiator]

Originally Posted by ghporter

nobody would have suggested that Cheney "shot" his friend, and so on... </bitter sarcasm>

Whaddya mean? Are you saying Whittington wasn't Cheney's friend, or that Cheney gunned down a different guy? </smartassery>

You're right about the coverage though - I suspect it is because enterprises like Symantec send out press releases that reporters can convert into stories, while folks like Moki largely focus on doing the work and documenting it within the community, like on Ambrosia's fora. As for another contrast, I learned a lot about the general issues involved by reading the reports in here and on Moki's site, not so much from the "MSM"...

[bergy]

Well that's the end of that ...

There goes one big argument when you're trying to get someone to switch to a Mac ...
You will never again be able to say that OSX is virus free ...

They're reporting this on CNN, Canadian Broadcasting System .... it's over folks ...


I wish Stevo had foreseen this and had his software engineers come up with something that would have made it a lot harder to do this ...

The media is loving it and killing us ....
All the average guy hears is ... MacOSX is just like Windows now .... there are only less viruses for it because of the "obscurity" factor ...

Now the chance at gaining marketshare is going to take a big hit too ...

Rats!

[porieux]

...

[porieux]

...

[chris v]

In the end, how many actual computers were actually infected? how many secondary infections were there as a result of it travelling from one infected machine to another?

2? 200? 2000? Zero?

[bergy]

Originally Posted by porieux

This is a TROJAN. Trojans have always been possible and always will be possible. Period.

I know that ... but the media says VIRUS ... the average guy doesn't go beyond that ...

Just talk to anyone at work .... the word is out ... game over ...

All you'll hear now is Macs have viruses too ... it's no better than Windows ...

Thank you media bloodhounds ....

They never have anything good to say about Apple and now their wishes have been granted ..

[ShotgunEd]

This isn't even the first trojan. The media are dumb. Don't lower yourself to their level.

Now we have a worm, OSX/Inqtana.A, and no, its not a fricking virus either.

[JKT]

Originally Posted by chris v

In the end, how many actual computers were actually infected? how many secondary infections were there as a result of it travelling from one infected machine to another?

2? 200? 2000? Zero?

Very, very few - I'd say in the low tens at most. The people who donwloaded it knew something was wrong straight away (the very first post in the macrumors thread says "it opens in terminal. not right") but didn't realise what it would be able to do so got complacent. Apparently it can only spread to people on your Bonjour buddy list in iChat, not your normal Buddy list. In other words, it is restricted to a LAN and could never actually spread over the net by itself.

However, who cares. It has exposed a lax attitude amongst us, exposed a security hole that most people were unaware of (InputManagers) and that Apple needs to close fast, and successfully woken us all up to the potential for trojans to do damage to our system (again). No bad thing. I suspect that in a years time, this will still have been the only piece of marginally successful malware on the Mac and even though we won't be able to say that our system is fully malware free (which it hasn't been for a few years now anyway) we will still be able to point out how little damage things can actually do.

[JKT]

Originally Posted by ShotgunEd

Now we have a worm, OSX/Inqtana.A, and no, its not a fricking virus either.

Nope, no we don't. It can only infect bluetooth-equipped 10.4.0 machines (the hole it exploits was fixed in 10.4.1) and uses bluetooth to transmit itself. The target has to accept the transfer.

Just how many people are going to get within 30 feet of an infected machine, still only be running 10.4.0, and be dumb enough to allow a pairing and to accept an un-prompted bluetooth message that appears out of the blue? OK, there will be some, but one would hope that it would only be 1 or 2 at most. It also kills itself on the 24th of February.

Edit: not to mention the fact that it transmits to any bluetooth device, so if you have a mobile phone and you are infected, you are going to get very suspicious when your computer keeps trying to send you messages to your phone without any action on your part.

[bergy]

Has anyone been following Google ... probably the most widespread source of info and news headlines ...

This is typical ....

First Apple VIRUS Could be First of Many
http://business.timesonline.co.uk/ar...045460,00.html

This will be on the Google site for the next week at least ... check out the "all related" articles under the main headline ...... and weep ....

http://news.google.ca/nwshp?hl=en&ta...day/906076.htm

[JKT]

It doesn't matter. When there aren't tens to hundreds of "viruses" in the next year, it will actually make the platform look better. A bit of bad news now is not the end of the world. In some ways it is possibly good news too as people may become aware for the first time that up until now, there hasn't actually been any successful malware for Mac OS X (and even then, it hasn't really been successful anyway) whereas previously they may have assumed that it suffered the same deluge as Windows.

[bergy]

I'm hoping Stevo will come up with something ...

You'd think he's probably pretty upset about the coverage this is getting ...

Good grief ... we've got to make the world safe from these rotten hackers ...

[Chuckit]

Originally Posted by ShotgunEd

This isn't even the first trojan. The media are dumb. Don't lower yourself to their level.

Now we have a worm, OSX/Inqtana.A, and no, its not a fricking virus either.

Nobody actually has this worm. By all appearances, Sophos banged it out so they could issue a press release and capitalize on Oompah.

[bergy]

I rest my case ...

Hot off the presses ... now all over Google .. and soon the rest of the media ... Let the slaughter begin!

Second Virus hits Macs ....
http://www.redherring.com/Article.as...rityAndDefense

As for Leap.A, Mac World is running an article which contains everything you need to know. . And in the debate “Is Leap.A a virus or not?” they got an interesting opinion: “Technically, it’s a bit of everything. It’s a virus, in the sense that it attaches itself to other executable code on your Mac. It’s a worm, in that it attempts to self-replicate and spread from machine to machine. It’s a piece of malware, because it can do bad things to your computer. Basically, it’s a piece of malware that’s delivered via a Trojan horse and then acts in both viral and wormy ways”.

[Steve's Sanity]

Originally Posted by bergy

I rest my case ...

Hot off the presses ... now all over Google .. and soon the rest of the media ... Let the slaughter begin!

You're really overreacting here, bergy. All computers will always be susceptible to trojan horses to some extent because there's very little any operating system can do to prevent users from stupidly launching programs. This is a very small issue. You seem to be concerned because of the negative press for the platform, but it really does not matter. Other than the fact that we cannot say OS X is 100% virus free (and that has not been totally true for a long time anyway), not much has changed. The people who are going to use this as another excuse against the a Mac were never going to buy one in the first place. If you're upset about this development, you should be much more upset about the much more real threat to our platform's survival: the Intel defection.

[bergy]

This is now the "third" VIRUS in two days reported by Google Headlines ..

They won't let go now .... It's a feeding frenzy ...

http://news.com.com/Bluetooth+worm+t...3-6041091.html

[Steve's Sanity]

Originally Posted by bergy

This is now the "third" VIRUS in two days reported by Google Headlines ..

They won't let go now .... It's a feeding frenzy ...

http://news.com.com/Bluetooth+worm+t...3-6041091.html

How is this the third rather than the second? That story isn't reporting a new case.

[alphasubzero949]

I thought that was patched in 10.4.2?

[ghporter]

This will blow over very quickly in terms of "Mac versus Windows" issues. How many actual, malicious viruses for Windows came out while this one TROJAN HORSE was in the news? Yep, a bunch-and mostly lame-o script-kiddie hacks too. The ONLY thing this Mac trojan has going for it is {really important thing here} it used some exceptionally dumb social engineering. Yes, DUMB. Not even MacRumors has announced, mentioned, or even hinted at ANY potential working code for the next version of OS X, so a Mac user's going to say "Hey, somebody's leaking a screenshot of the next OS X!"? Not many did...

brachiator, did you see the pictures of Whittington? He did get banged up, be he really is an old guy too. Old folks bruise pretty easy, and they have pretty thin blood vessels too, thus the pellet that caused his arythmia (reported as a "heart attack"). Details are so crucial, and today it's so easy to find yourself being fed supposed "news" by someone who got a C in high school journalism and never quite completed that BA in the subject-and thus knows less than beans about whatever they're saying. It galls me to no end... (Of course, so does using such a wimpy gun as a 28ga shotgun on live birds-you don't throw enough shot hard enough to effectively kill most of them, leaving crippled birds in the tall grass... not a nice thing at all. Yep, details are critical.)

[osxrules]

I'm a little surprised it took this long to be honest. OS X has been out for what 6 years now and we just have this lame attempt at a virus. The reason I expected it sooner was because of all the people who went around shouting about how Macs have no viruses bla bla. I mean really, if anyone is to blame it's you guys. Do you go up to a heavyweight and brag saying hah, you haven't hit me yet na na nana na. No, because he'll flatten you.

When you try to annoy users of other systems, all of which have fanboys (some of whom are pretty talented computer users), you're just asking for trouble. Also, it leads to this sort of hype in the media.

If people had just stfu about the fact that Macs didn't have viruses then few people would even be interested. Having contests offering money for the first person to make a virus for OS X is just plain arrogant.

And no, OS X not having any viruses is not the only reason that made it more appealing. Just because of this little incident, it doesn't put OS X on par with Windows by a long way.

[JKT]

Funny, the only person whose fault it is to me, is the person who created it...

FWIW, no one had a competition offering money for the first person to create a virus for OS X (assuming you are referring to the Wil Shipley challenge) - it was to have someone prove that any viruses at all existed for OS X at that point in time. He was reacting to stories in the press saying things like Mac OS X had less viruses than Windows (inferring that OS X had in fact been infected by viruses when there still weren't any in existence). Ironically or unsurprisingly, this was mis-represented in the self-same clueless tech press as being a challenge to create the first virus for OS X.

[osxrules]

Originally Posted by JKT

Funny, the only person whose fault it is to me, is the person who created it...

I'll concede he was the main one to blame but I won't say that arrogant fanboys are without blame. It's like that Danish cartoonist who did the Muhammed thing. Was he without blame to provoke a reaction? You may say the people who did the rioting were solely to blame but without provocation, they'd have no reason to.

FWIW, no one had a competition offering money for the first person to create a virus for OS X (assuming you are referring to the Wil Shipley challenge)

Nope it was the DVForge challenge:

http://www.neowin.net/index.php?act=view&id=27666

[Chuckit]

Originally Posted by osxrules

I'm a little surprised it took this long to be honest. OS X has been out for what 6 years now and we just have this lame attempt at a virus. The reason I expected it sooner was because of all the people who went around shouting about how Macs have no viruses bla bla. I mean really, if anyone is to blame it's you guys. Do you go up to a heavyweight and brag saying hah, you haven't hit me yet na na nana na. No, because he'll flatten you.

But the best part is, the heavyweight has yet to actually land a punch.

The truth is, if I were that kind of asshole, I feel fairly sure I could bang out a decent worm for OS X. But so far, all the people bragging about OS X's immunity have actually been borne out. Even now that the OSX/Media-A virus is out, the threat is still completely negligible.

[ghporter]

While the code in Leap-A is fairly weak, just look at the fact that such incredibly lame social engineering got it into any computers at all. This is as bad as the Windows virus that claimed to be pictures of a tennis star. No, wait. At least she really existed...

Seriously, it takes no real hidden code to infect a computer whose user falls for this sort of stupidity. I wonder what would have happened if it whould have pretended to be a cupon for a free Nano-or a free Mac Mini... Expecting the OS to protect you because it's robust is no protection at all if you don't bother to think about whether something is or is not legitimate.