What's the scoop with the Mac OS X virus "Leap.A"?
A virus on the Mac. Gadzooks, what's next? Spyware? Ug. Meanwhile, can you tell us a bit more about this code, how it works and how we can avoid being infected?
It's amazing how the hype machine works in the computer industry, actually. When I'm using my PC, I am constantly exposed to viruses, spyware, adware and other malicious applications, scripts and attachments, but when someone releases a pretty lame virus on the Mac - if it's even that at all - and suddenly Chicken Little pops out of the woodwork and tells us that the sky is falling.
It's not. In fact, this isn't much of a virus, more of a trojan horse and a "social engineering" experiment at that, because what you would see is a compressed tar archive (filename suffix ".tgz") that contains an executable script that simply has a JPEG graphic icon associated with it.
Let's have a look!
First off, you'd have to actively download or otherwise save the file that contains this executable, masquerading as a JPEG file. Here's how it would look to the Finder as a package and once it's unpacked:
I admit, it's pretty legitimate looking, but if you're a reasonably safe computer user, you'd either drop this graphic onto your graphics program or try to open it in same: Here's what happens when GraphicConverter tries to open this "JPEG" image:
Hmmm... it's greyed out, so I can't select it. Most strange!
Let's have a look at the file's Get Info box instead:
So there's the warning bell: it's a Unix Executable File not a "JPEG" graphic image at all.
Now, to be fair, I have been known to just double-click on a JPEG image to open it up, and that would cause trouble in this case. But I never open up attachments from strangers and don't even visit unknown sites without using a rarely-launched browser, etc.
By this point, you should be completely paranoid about this: any executable that's masquerading as a JPEG image is clearly up to no good, so rather than opening it, your best bet is to drag it to the trash and then empty the trash ASAP to ensure you don't have any problems down the road.
Rather than talk about how this works, a topic that's very well covered by Andrew Welch over at Ambrosia SW, I'd just like to highlight that when you download even the most innocuous files from discussion boards, get attachments from unknown parties, or even get email with attachments from people you know with oddly succinct message bodies like "check this out", be suspicious.
If nothing else, use our friend Get Info in the Finder to check out the details of the attachment and never, never, never run random executables that aren't from a known and trusted source.
And yes, at this point it might well be useful to get some sort of antivirus application for your Mac, unfortunately, and at the least, make sure you aren't running as the "admin" user for your day-to-day activities on the 'net.
Read more about the Mac OS X Leap.A virus / worm / trojan horse:
More Useful Mac OS X Help Articles:
✔ Audacity can't find LAME library, I can't save Mp3?
Hey Dave. I read your article Audacity can't save mp3 audio files and am still puzzled because I downloaded the LAME Mp3 converter...✔ How to remove Dashboard as a "space" in Mac OS X Spaces?
I'm a big fan of the Spaces utility in Mac OS X that lets me have multiple virtual screens [see Set Up Mac...✔ Best place to buy a cheap MacBook laptop?
Hi Dave. I am looking for two gently used MacBook laptops for my teen daughters. Personal computers would greatly facilitate their studies as...✔ File too big error copying to USB flash drive on my Mac?
I'm baffled. I have a 16GB Kingston USB flash drive that I use on my Mac system and I'm trying to copy a...✔ Stealth image capture photo from webcam on my Mac?
Someone sneaks into my cubicle while I'm at lunch and takes candy out of my desk. Petty, but stupid too. I want to...
Let's stay in touch!
Sign up for my weekly AskDaveTaylor Newsletter and you'll receive even more tech and gadget help right to your inbox, along with exclusive news and industry updates. It's good stuff. I promise!
I do have a comment, now that you mention it!
Check This Out Too...
Look for Answers
All Our Categories
Apple iPad Help
Articles and Reviews
Auctions and Online Shopping
Blogs and Blogging
Building Web Site Traffic
Business and Management
Computer and Internet Basics
d) None of the Above
Google Gmail Help
Google Plus Help
Industry News and Trade Shows
iPhone and Cell Phone Help
iPod, Sony PSP and MP3 Player Help
Kindle Fire Help
Mac OS X Help
Pay Per Click (PPC) Advertising
Search Engine Optimization (SEO)
Shell Script Programming
Tech Support Video Help
The Writing Business
Twitter, LinkedIn and Social Network Help
Unix and Linux Help
Video Game Tips and Help
Windows PC Help
Find Me on Google+
ADT on G+