02-16-2006, 12:33 PM   #1
Osiris

'First' Mac OS X Trojan sighted

Antivirus researchers have discovered what's claimed to be the first computer Trojan to infect Apple Mac OS X computers. The malware, dubbed Leap-A, spreads via the iChat instant messaging system as a file called latestpics.tgz that infected machines send to contacts on an infected user's buddy list.

The malicious file, which poses as a set of pictures, is a compressed Unix shell program. The user is prompted for admin credentials to launch the malicious code, which is better described as a Trojan than a virus. Mac OS X users who do this will find their machines infected.

Mac viruses were relatively common at the dawn of personal computing, but these days the overwhelming majority of viruses are Windows specific. Leap-A shows other platforms are also vulnerable.
02-16-2006, 04:11 PM   #2
mac_mogul

A little more info
__________________
"Who are you?"
"Me? I'm the living embodiment of all that is evil in the computer world."
"You're Bill Gates?"



iBook G4
1.2ghz PowerPC G4 // 1.25gb PC2700 DDR // ATI RADEON Mobility 9200 32mb DDR //
60gb Ultra ATA/100 Hitachi HDD // Mat****a 24x CD-RW/DVD Combo //
M-Audio Sonica Theater 7.1 USB Sound Card // Logitech X-530 5.1 Surround
02-16-2006, 09:13 PM   #3
Deimos

wow that sucks, always thought macs would stay malware free.
__________________
Virtually Join My LAN!

RIP Flanker: 07-31-2005 - 03-03-2006 09:17 AM
"I'm making a catalog?"
02-17-2006, 11:49 AM   #4
Osiris

Mac OS X malware latches onto Bluetooth vuln

A second strain of malware targeting Mac OS X has been discovered days after a Mac OS X Trojan appeared on the scene. The latest malware, Inqtana-A, is a proof-of-concept worm that attempts to spread using a Bluetooth vulnerability.

The worm is not spreading in the wild and uses an internal counter that means it will expire on February 24, so it's unlikely to ever be much of a problem. Nonetheless, Mac OS X 10.4 (Tiger) users are still advised to make sure they're patched up in order to guard against attack from any future worm that uses the same exploit.

Earlier this week, security researchers discovered a Trojan (or what many are classifying as a worm), dubbed Leap-A (AKA Oomp-A), that spreads via the iChat instant messaging system. Mac fans have to unzip the file and enter security codes to run it so that, in practice, Leap is also scarcely much of a threat. Most anti-virus vendors categorise it - like Inqtana - as low risk.
02-17-2006, 12:57 PM   #5
mac_mogul

Re: Mac OS X malware latches onto Bluetooth vuln

Quote:
Originally posted by Warez Monster
Mac fans have to unzip the file and enter security codes to run it...

You would have to be a complete idiot to ever do this to yourself.
02-21-2006, 08:15 PM   #6
Osiris

SAN FRANCISCO, California (Reuters) -- A new computer worm targeting Apple Computer Inc.'s Macintosh computers has been identified for the second time in one week, security experts said.

The new worm, called OSX.Inqtana.A, spreads through a vulnerability in Apple's OS X operating system via Bluetooth wireless connections, antivirus company Symantec said.

"We have speculated that attackers would turn their attention to other platforms, and two back-to-back examples of malicious code targeting Macintosh OS X ... illustrate this emerging trend," said Vincent Weafer, senior director at Symantec Security Response.

The latest virus follows OSX/Leap-A, which was identified last week and believed to be the first such virus targeting the Mac platform.

That worm attempts to spread via Apple's iChat instant messaging program, which is compatible with America Online's popular AIM instant messaging program.

Symantec said the latest worm attempts to use Bluetooth connections to spread by searching for other Bluetooth-using devices that will accept requests for a connection when the computer is restarted.

Bluetooth is a wireless technology used to transmit data among devices at short distances.

The worm spreads via a vulnerability in the OS X operating system called the Apple Mac OS X BlueTooth Directory Traversal Vulnerability.

If a Bluetooth connection is made, the worm attempts to send itself to those remote computers. However, the worm itself does not appear to pose an immediate threat.

"While this particular worm is not fully functional, the source code could be easily modified by a future attacker to do damage," Weafer said, adding that Mac users should install available software patches to their operating systems to prevent such attacks.

The latest worm was identified Friday. Both worms are ranked a Level 1 threat on a scale of 1 to 5, with 5 being the most severe, Symantec said.
02-22-2006, 12:46 PM   #7
Osiris

Hackers go on Safari

Security researchers have discovered a vulnerability in Mac OS X that creates a means for hackers to compromise vulnerable systems. The critical security flaw is unpatched but workarounds have been issued.

The flaw stems from errors in the processing of file association metadata in ZIP archives. By renaming "safe file" extensions stored in ZIP archives, hackers could trick users into executing malicious shell scripts. The security bug might also be used to attack Apple Safari browser users by creating a means for attackers to automatically run malign code when a Safari user visits a maliciously constructed website, an even more potent exploit scenario.

The vulnerability has been confirmed on a fully patched system with Safari 2.0.3 and Mac OS X 10.4.5. Early versions might also be affected. Security notification firm Secunia has published a test here. It advises users to protect themselves against exploit by disabling the "Open safe files after downloading" option in Safari. Mac users should also avoid opening files in Zip archives that originate from untrusted sources.

"This is yet another example of the continuing spread of malicious code onto other platforms," said Alfred Huger, senior director of engineering at Symantec Security Response. "While there is no known exploit at this time, users are encouraged to turn off the 'Open safe files after downloading' option in their Safari browsers and watch for further information from Apple."

Discovery of the vulnerability follows last week's discovery of two low-level worms targeting Mac OS X: Leap-A and Inqtana-A.
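Added example, not part of the original thread or of any vendor's tooling: a defensive check for the mismatch described in the post above, where a ZIP member carries a "safe" extension but is really a shell script. The `SAFE_EXTENSIONS` list and the sample archive are constructed assumptions; the checks on Unix permission bits and on an AppleDouble (`__MACOSX/._name`) metadata companion go beyond what the post states.

```python
import io
import posixpath
import zipfile

# Assumed, illustrative list of extensions treated as "safe" (not Apple's actual list).
SAFE_EXTENSIONS = {".jpg", ".jpeg", ".gif", ".png", ".mov", ".pdf", ".txt"}

def suspicious_members(zip_bytes):
    """Return (name, reasons) for members whose 'safe' extension hides a script."""
    findings = []
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        names = set(zf.namelist())
        for info in zf.infolist():
            name = info.filename
            if info.is_dir() or name.startswith("__MACOSX/"):
                continue
            if posixpath.splitext(name)[1].lower() not in SAFE_EXTENSIONS:
                continue
            with zf.open(info) as fh:
                head = fh.read(2)
            reasons = []
            if head == b"#!":
                reasons.append("starts with a script shebang")
            # The upper 16 bits of external_attr hold the Unix mode, when present.
            if (info.external_attr >> 16) & 0o111:
                reasons.append("executable permission bits set")
            # macOS archives keep per-file metadata in an AppleDouble companion.
            folder, _, base = name.rpartition("/")
            companion = "__MACOSX/" + (folder + "/" if folder else "") + "._" + base
            if reasons and companion in names:
                reasons.append("AppleDouble metadata companion present")
            if reasons:
                findings.append((name, reasons))
    return findings

def build_sample():
    """Constructed sample: one ordinary picture and one script named like a movie."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("holiday.jpg", b"\xff\xd8\xff\xe0" + b"\x00" * 16)
        script = zipfile.ZipInfo("pics/photo.mov")
        script.external_attr = 0o100755 << 16
        zf.writestr(script, b"#!/bin/sh\necho constructed sample\n")
        zf.writestr("__MACOSX/pics/._photo.mov", b"\x00\x05\x16\x07")
    return buf.getvalue()

if __name__ == "__main__":
    for name, reasons in suspicious_members(build_sample()):
        print(name, "->", "; ".join(reasons))
```

A check like this complements the workaround quoted in the post (turning off "Open safe files after downloading"); it does not replace it.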
02-22-2006, 01:11 PM   #8
mac_mogul

when it rains, it pours :sigh::rolleyes: