From the National Business Review:
http://www.nbr.co.nz/print/print.asp?id=14401&cid=3&cname=Technology
Macintosh OSX worm on the loose
Don't accept that
iChat IM file!
Another day, another worm -- the difference being,
this one is turning to users of the Macintosh
OSX.
According to Symantec, users of the Macintosh
OSX. 10.4 operating system are the targets of
OSX.Leap.A,
a a worm with file infecting functionality, which
spreads via the iChat Instant Messaging program.
The worm earned only the lowest threat level
(1 of 5) from Symantec, but since Mac users are
nototiously
indifferent to malware, users of the system --
all
you media and creative types -- should prick
up their ears and follow the links.
The worm makes use of the Spotlight search program,
included in OSX, and will run each time the machine
boots.
It identifies any applications being started
and if iChat begins to run, it uses this to send
the
infected
file - latestpics.tgz - to all contacts on the
infected user's buddy list.
Those on the buddy list will then be asked to
accept the file, which, if they accept, will
subsequently
be saved to their hard drive.
" As with some of the threats to mobile devices that
we have seen, this worm will not automatically
infect, but will ask users to accept the file. This gives
potential victims a heads up and the opportunity to avoid infection,
by not accepting the file.
" The important piece of advice for any iChat users running
OSX 10.4 is not to accept file transfers, even
if they come from someone on a buddy list. It is also possible
to set iChat to ask for permission before sending
a file.
"
If this option is set and users are asked to confirm
that they want to send a file -- when they were not
aware that they were doing so -- alarm bells should
ring," said Kevin Hogan, senior manager, Symantec
Security Response.
In addition to using worm-like propagation techniques,
OSX.Leap.A is a file infecting virus.
This kind of behaviour was common in the days
of DOS viruses and Hogan adds: "Interestingly,
we are starting to see a slight increase in file
infectors,
with this being the third recent example.
" Although any potential victims will be alerted and
have to accept a file before infection can take
place, if they do so, it is unlikely that they will be aware
that they have fallen prey to this - when applications
are run, they will do so normally."
Users of Macintosh OS X 10.4 are advised to ensure
that iChat will request permission before transferring
a file and not to accept incoming files. Antivirus
and firewall software, as well as operating
systems, should be kept up-to-date, to provide maximum
levels of security.
17-Feb-2006
Symantec (Norton Anti-virus):
http://securityresponse.symantec.com/avcenter/venc/data/osx.leap.a.html
_________________ |
