- The 'classic' Mac OS is the original Macintosh operating system that was introduced in 1984 alongside the first Macintosh and remained in primary use on Macs until the introduction of Mac OS X in 2001. Apple released the original Macintosh on January 24, 1984; its early system software was partially based on the Lisa OS and the Xerox PARC Alto computer, which former Apple CEO Steve Jobs.
- Mac OS X 10.6 Snow Leopard is a full 64-bit system, as well as most of its applications. It has several new tools, including a GCD dispatcher for multiple-processing capabilities and OpenCL, a system for graphic card optimization for specific work.
Reports indicate that someone has let loose a 'Trojan horse' or worm for Mac OS X users. The program is hidden within a package that purportedly contains screenshots of Apple's as-yet unannounced next major revision to Mac OS X. Whether it's a Trojan horse or worm seems to vary depending on the source of the information. The code has also elicited a response from Apple, and a warning to its customers.
Title Developer/publisher Release date Genre License Mac OS versions A-10 Attack! Parsoft Interactive 1995 Flight simulator Abandonware 7.5–9.2.2. A few weeks after the hullabaloo surrounding Intego's press release about a technique that could be used to create a Trojan horse that looked like an MP3 file (see 'Mac OS X Trojan Technique: Beware Geeks Bearing Gifts' in TidBITS-726), a real Mac OS X Trojan horse has been reported to Macworld UK.
The package, called 'latestpics.tgz,' first surfaced recently on a Mac rumors Web site. Independently verified by Ambrosia Software president Andrew Welch, he's dubbed it the 'Oompa-Loompa Trojan,' because the files in question check for the presence of an attribute called 'oompa' — an apparent reference to the movie and book 'Charlie and the Chocolate Factory.'
Welch provides extensive details on the Ambrosia Software discussion forums.
When unpacked, the archive includes an application that resembles a JPEG file. When it's clicked on, the file executes and attempts to propagate itself via the buddy list of Apple's instant messaging software iChat.
Welch is careful to point out that this should probably be considered a Trojan horse, rather than a virus, 'because it doesn't self-propagate externally.'
So-called Trojan horses are differentiated from viruses because they masquerade as a regular application or file and do not replicate themselves arbitrarily.
Anti-virus software maker Sophos takes issue with this description, claiming this is the 'first ever virus for Mac OS X.'
'OSX/Leap-A is programmed to use the iChat instant messaging system to spread itself to other users. As such, it is comparable to an email or instant messaging worm on the Windows platform. Worms are a sub category of the group of malware known as viruses,' said Sophos in a statement.
Symantec similarly classifies it as a worm, and classifies its threat containment and removal as 'easy.' McAfee, makers of Virex, also call the code, which they refer to as 'OSX/Leap,' as a worm.
Intego, makers of VirusBarrier, also confirmed the trojan horse's existence. Because the code is distributed by iChat, Intego said, people are more likely to presume the file is legitimate. Intego advised users to update their virus definition files and 'never open files received by e-mail or iChat unless they are sure that these files are safe.'
Sophos, Symantec, McAfee and Intego have all added the code's description to their Mac anti-virus software files, which can be downloaded from each publisher's respective Web site.
All The Horses Mac Os X
OSX/Leap-A, Oompa-Loompa, or whatever else you want to call it, also requires an admin password if you're not running as an admin, said Ambrosia's Welch.
Additionally, Ambrosia's Welch said the software has a bug in its code that prevents it from working and prevents infected applications from launching. Still, he strongly advises users that find the 'latestpics.tgz' file to avoid downloading or running it.
All The Horses Mac Os Catalina
Apple also commented on the release of the code in a statement provided to Macworld .
'Leap-A is not a virus, it is malicious software that requires a user to download the application and execute the resulting file,' said Apple. 'Apple always advises Macintosh users to only accept files from vendors and Web sites that they know and trust. We have a guide to safely handling files received from the Internet at http://docs.info.apple.com/article.html?artnum=108009.'
Updated Feb. Wall builder mac os. 16 2006 5:00 PM: Added comments from Apple.
Updated Feb. 16 2006 2:05 PM: Added comments from Intego.
SecureMac and Intego claim to have discovered several variants of a Trojan horse in the wild targeted at users of Mac OS X 10.4 and 10.5. The Trojan is being distributed from a hacker Web site through iChat and Limewire, the company said.
Distributed as a compiled AppleScript called ASthtv05 or as an application, the Trojan allows remote access to the system and can transmit system and user passwords. SecureMac also said the Trojan is also capable of logging keystrokes and turning on file sharing.
Latest Mac Os
When unpacked, the archive includes an application that resembles a JPEG file. When it's clicked on, the file executes and attempts to propagate itself via the buddy list of Apple's instant messaging software iChat.
Welch is careful to point out that this should probably be considered a Trojan horse, rather than a virus, 'because it doesn't self-propagate externally.'
So-called Trojan horses are differentiated from viruses because they masquerade as a regular application or file and do not replicate themselves arbitrarily.
Anti-virus software maker Sophos takes issue with this description, claiming this is the 'first ever virus for Mac OS X.'
'OSX/Leap-A is programmed to use the iChat instant messaging system to spread itself to other users. As such, it is comparable to an email or instant messaging worm on the Windows platform. Worms are a sub category of the group of malware known as viruses,' said Sophos in a statement.
Symantec similarly classifies it as a worm, and classifies its threat containment and removal as 'easy.' McAfee, makers of Virex, also call the code, which they refer to as 'OSX/Leap,' as a worm.
Intego, makers of VirusBarrier, also confirmed the trojan horse's existence. Because the code is distributed by iChat, Intego said, people are more likely to presume the file is legitimate. Intego advised users to update their virus definition files and 'never open files received by e-mail or iChat unless they are sure that these files are safe.'
Sophos, Symantec, McAfee and Intego have all added the code's description to their Mac anti-virus software files, which can be downloaded from each publisher's respective Web site.
All The Horses Mac Os X
OSX/Leap-A, Oompa-Loompa, or whatever else you want to call it, also requires an admin password if you're not running as an admin, said Ambrosia's Welch.
Additionally, Ambrosia's Welch said the software has a bug in its code that prevents it from working and prevents infected applications from launching. Still, he strongly advises users that find the 'latestpics.tgz' file to avoid downloading or running it.
All The Horses Mac Os Catalina
Apple also commented on the release of the code in a statement provided to Macworld .
'Leap-A is not a virus, it is malicious software that requires a user to download the application and execute the resulting file,' said Apple. 'Apple always advises Macintosh users to only accept files from vendors and Web sites that they know and trust. We have a guide to safely handling files received from the Internet at http://docs.info.apple.com/article.html?artnum=108009.'
Updated Feb. Wall builder mac os. 16 2006 5:00 PM: Added comments from Apple.
Updated Feb. 16 2006 2:05 PM: Added comments from Intego.
SecureMac and Intego claim to have discovered several variants of a Trojan horse in the wild targeted at users of Mac OS X 10.4 and 10.5. The Trojan is being distributed from a hacker Web site through iChat and Limewire, the company said.
Distributed as a compiled AppleScript called ASthtv05 or as an application, the Trojan allows remote access to the system and can transmit system and user passwords. SecureMac also said the Trojan is also capable of logging keystrokes and turning on file sharing.
Latest Mac Os
The Trojan takes advantage of a vulnerability with Apple Remote Desktop that allows it to run as root. You must download and open the infected file for the Trojan to become active, but once it is active, it will add itself to the System login items.
All The Horses Mac Os 11
SecureMac said its product, MacScan, has been updated to remove the Trojan. Intego has also updated its software VirusBarrier to handle the threat.
Updated: This story has been updated, adding Intego's role in discovering the Trojan.
