Anti-Virus Companies Warn of OS X Worm

Mac users are being targeted by a rare worm that can stop infected apps from launching-but the threat is rated "low."

Users of the Macintosh operating system received a rare security warning on Feb. 16 after samples of an Internet worm that targets the OS X operating system was identified by anti-virus companies.

OSX.Leap.A spreads over the iChat instant messaging program and can stop infected Mac applications from launching, according to warnings from iDefense and Symantec.

Leap first appeared on Feb. 13 when a user posted a malicious file on the MacRumors forum, claiming the attachment was screenshots from Apples Mac OS X 10.5 release, code named "Leopard."

The attachment was disguised as a JPEG image file, but is actually a malicious program that copies itself to a victims iChat buddies.

/zimages/1/28571.gifApples switch to Intel chips may allow OS X exploits. Click here to read more.

Once installed on an OS X system, Leap infects files and can prevent them from running or launching, Symantec said.

Symantec rated the worm a "Level 1" threat—its lowest possible rating. However, the company advised OS X users to be wary of opening file attachments sent over the iChat network.

Apple users make up a small fraction of the computing population, and malicious code for the Mac operating system is rare. The last known virus affecting Mac users was the AutoStart worm in 1998, according to Ken Dunham, director of the Rapid Response Team at iDefense in Reston, Virginia.

However, experts believe that the Mac operating system could soon see more attacks, especially with Apples decision to ship on computers that use the common Intel architecture.

/zimages/1/28571.gifCheck out eWEEK.coms for the latest security news, reviews and analysis. And for insights on security coverage around the Web, take a look at Security Center Editor Larry Seltzers Weblog.