It's a slow news time for Apple websites ... so ... it's time to start making up news.
While we're at it, why don't we just make it controversial?
Late last night, MacRumors posted the following:
On the evening of the 13th, an unknown user posted an external link to a file on MacRumors Forums claiming to be the latest Leopard Mac OS X 10.5 screenshots. The file was named "latestpics.tgz"
The resultant file decompresses into what appears to be a standard JPEG icon in Mac OS X but is actually a compiled Unix executable in disguise. An initial disassembly (from original discussion thread) reveals evidence that the application is virus-like or was designed to give that impression. Routines listed include:
The exact consequences of the application are unclear, but users who originally executed the application have noted that it appeared to self-propagate:
If anyone remembers last night, when lasthope [a poster on the MacRumors website] spread that picture that opened in terminal. I just turned on my other computer and it said it had an incoming file, from my computer, which was the latest pics file. Any help. I have already secure deleted it off of my hard drive, but how do I know that it will not come back.
Andrew Welch, who had done some of the initial disassembly, is posting updates to this thread.
According to the initial investigation, the application uses Spotlight to find the other applications on the infected machine and subsequently inserts a stub of code into each application executable.
Update: It appears that there is some debate about the classification of this application, and as it does require user activation, it appears to fall into the Trojan classification, rather than self-propagating through any particular vulnerability in OS X.
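The disguise described in the MacRumors report above, a file in a .tgz that shows a JPEG icon but is a compiled executable, can be checked for before anything is opened. The following is an added example, not part of the original post or of any report it quotes: it reads each archive member's leading bytes and mode bits without extracting anything to disk. The member names and the sample archive are constructed for illustration.

```python
import io
import tarfile

# Leading bytes of Mach-O executables (32/64-bit, both byte orders) and fat binaries.
MACHO_MAGICS = (b"\xfe\xed\xfa\xce", b"\xce\xfa\xed\xfe",
                b"\xfe\xed\xfa\xcf", b"\xcf\xfa\xed\xfe", b"\xca\xfe\xba\xbe")
JPEG_MAGIC = b"\xff\xd8\xff"

def classify(head):
    """Name the file type implied by a member's first bytes."""
    if head.startswith(MACHO_MAGICS):
        return "mach-o"
    return "jpeg" if head.startswith(JPEG_MAGIC) else "other"

def audit_tgz(fileobj):
    """Return (name, kind, reasons) per suspicious member; nothing is written to disk."""
    findings = []
    with tarfile.open(fileobj=fileobj, mode="r:gz") as tar:
        for member in tar:
            if not member.isfile():
                continue
            kind = classify(tar.extractfile(member).read(4))
            reasons = []
            if kind == "mach-o":
                reasons.append("executable content")
            if member.mode & 0o111:
                reasons.append("execute bit set")
            if member.name.lower().endswith((".jpg", ".jpeg")) and kind != "jpeg":
                reasons.append("name says JPEG, content does not")
            if reasons:
                findings.append((member.name, kind, reasons))
    return findings

def build_sample():
    """Constructed archive: a genuine JPEG header and a Mach-O header named like a picture."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w:gz") as tar:
        for name, data, mode in (
            ("pics/holiday.jpg", JPEG_MAGIC + b"\xe0" + b"\x00" * 16, 0o644),
            ("pics/screenshot.jpg", b"\xfe\xed\xfa\xce" + b"\x00" * 16, 0o755),
        ):
            info = tarfile.TarInfo(name)
            info.size, info.mode = len(data), mode
            tar.addfile(info, io.BytesIO(data))
    return io.BytesIO(buf.getvalue())

if __name__ == "__main__":
    for name, kind, reasons in audit_tgz(build_sample()):
        print(name, kind, "; ".join(reasons))
```
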
Looks to me that it's just a terminal executable disguised with a different icon that types "suspicious words" ... there are no such commands for the terminal ... so how could they spread ... even if they are inserted into the code of other applications?
Further, this would only happen if the user has a Mac that has no password. Users who are on the internet with no password are foolish and in my opinion may actually deserve a virus. <----- even though this IS >>> NOT A VIRUS OR TROJAN <<<!
Because of this hubbub, The Register UK, which has almost zero journalistic integrity and is having a slow news time, picked up on the story with the following:
Mac OS X virus sighted
Look before you Leap
By John Leyden
Published Thursday 16th February 2006 2:11AM
Antivirus researchers have discovered what's claimed to be the first computer virus to infect Apple Mac OS X computers. The malware, dubbed Leap-A, spreads via the iChat instant messaging system as a file called latestpics.tgz that infected machines send to contacts on an infected user's buddy list.
The malicious file is disguised as a jpeg, and users who open it will find their machines infected. Mac viruses were relatively common at the dawn of personal computing, but these days the overwhelming majority of viruses are Windows specific. Leap-A shows other platforms are also vulnerable.
"Mac viruses were relatively common at the dawn of personal computing, but these days the overwhelming majority of viruses are Windows specific."
Mac viruses were common?
And are they using their source as the MacRumors forum and calling the forum comments "Antivirus researchers"?
Gimme a break!
I am really disappointed in the MacRumors staff for this story!
More examples of poor reporting:
Another favorite site of mine called DeepThought posts this at the end of their report/rehash:
"I know that Mac users like myself can get complacent since we’re not usually the target of malware, but be careful out there, surf safely, and don’t panic."
"...not usually the target of malware"? When have Mac users EVER been the target of malware?
DeepThought also posts that this "malware/virus" asks for your admin password ... interesting ... how dumb do you have to be to type in your password just to view a picture? That's almost like someone coming up behind you at a bank teller machine and saying:
"Can I see how you type in your secret code, I don't know how to use an ATM?"