Free tech support / small logo


What's the scoop with the Mac OS X virus "Leap.A"?

A virus on the Mac. Gadzooks, what's next? Spyware? Ug. Meanwhile, can you tell us a bit more about this code, how it works and how we can avoid being infected?

Dave's Answer:

It's amazing how the hype machine works in the computer industry, actually. When I'm using my PC, I am constantly exposed to viruses, spyware, adware and other malicious applications, scripts and attachments, but when someone releases a pretty lame virus on the Mac - if it's even that at all - and suddenly Chicken Little pops out of the woodwork and tells us that the sky is falling.

It's not. In fact, this isn't much of a virus, more of a trojan horse and a "social engineering" experiment at that, because what you would see is a compressed tar archive (filename suffix ".tgz") that contains an executable script that simply has a JPEG graphic icon associated with it.

Let's have a look!

First off, you'd have to actively download or otherwise save the file that contains this executable, masquerading as a JPEG file. Here's how it would look to the Finder as a package and once it's unpacked:

Mac OS X Virus: LatestPics.tgz / Leap.A worm

I admit, it's pretty legitimate looking, but if you're a reasonably safe computer user, you'd either drop this graphic onto your graphics program or try to open it in same: Here's what happens when GraphicConverter tries to open this "JPEG" image:

Mac OS X Virus: GraphicConverter trying to open latestpics / Leap.A worm

Hmmm... it's greyed out, so I can't select it. Most strange!

Let's have a look at the file's Get Info box instead:

Mac OS X Virus: Get Info on latestpics / Leap.A worm

So there's the warning bell: it's a Unix Executable File not a "JPEG" graphic image at all.

Now, to be fair, I have been known to just double-click on a JPEG image to open it up, and that would cause trouble in this case. But I never open up attachments from strangers and don't even visit unknown sites without using a rarely-launched browser, etc.

By this point, you should be completely paranoid about this: any executable that's masquerading as a JPEG image is clearly up to no good, so rather than opening it, your best bet is to drag it to the trash and then empty the trash ASAP to ensure you don't have any problems down the road.

Rather than talk about how this works, a topic that's very well covered by Andrew Welch over at Ambrosia SW, I'd just like to highlight that when you download even the most innocuous files from discussion boards, get attachments from unknown parties, or even get email with attachments from people you know with oddly succinct message bodies like "check this out", be suspicious.

If nothing else, use our friend Get Info in the Finder to check out the details of the attachment and never, never, never run random executables that aren't from a known and trusted source.

And yes, at this point it might well be useful to get some sort of antivirus application for your Mac, unfortunately, and at the least, make sure you aren't running as the "admin" user for your day-to-day activities on the 'net.

Read more about the Mac OS X Leap.A virus / worm / trojan horse:

  •   Andrew Welch @ Ambrosia SW
  •   Rob Griffiths and Kirk McElhearn @ Macworld
  •   F-Secure's official page on Leap.A
  •   Symantec's Threat Information Page on OSX.Leap.A




Categorized: Mac OS X Help   (Article 5958, Written by )
Tagged: , , ,
Previous: How do I get my Nintendo DS to connect to the Internet?
Next: Connect to the Internet with my Sony PSP?




Subscribe!
Never miss another Q&A article! Click to subscribe: Add to Google Reader Add to My Yahoo! Subscribe in NewsGator RDF XML
Comments

Apple has rapidly released a Security Update to block this and a few other methods of trying to sneak malicious software onto your Mac. It still pays to be wary of anything you download from the Internet (including email and chat clients.

Posted by: Bob at March 5, 2006 5:07 PM

Could some one tell me where where to get the file (latestpics.tgz)?

Posted by: Bob at April 28, 2007 10:09 PM

When my husband sends me an e-mail with an attachment, such as an Excel sheet from his PC, (latest model) I invariably receive it in my MAC as a dat file, which I can't open. Is there a conversion program I can download or something?

Posted by: Claudia at October 22, 2007 2:19 PM

I have something to say, now that you mention it, but ...
Starbucks coffee cup I do have a lot to say, and questions of my own for that matter, but first I'd like to say thank you for all your efforts on this Web site by buying you a cup of coffee!

I do have a comment, now that you mention it!











Remember personal info?


Please note that I will never send you any unsolicited email. Ever.

While I'm at it, please note that by submitting a question or comment you're agreeing to my terms of service, which are: you relinquish any subsequent rights of ownership to your material by submitting it on this site.









Recent Entries


Search
I Need Help!
Need Help? Ask Dave Taylor!

Even More Help

film blog - social media / blogging speaking - business blog - Colorado photography - free tech support
© 2002 - 2012 by Dave Taylor. All Rights Reserved.

Note: This web site is for the purpose of disseminating information for educational purposes, free of charge, for the benefit of all visitors. We take great care to provide quality information. However, we do not guarantee, and accept no legal liability whatsoever arising from or connected to, the accuracy, reliability, currency or completeness of any material contained on this web site or on any linked site.

[whiteboard marker tray]
"Ask Dave Taylor®" is a registered trademark of Intuitive Systems, LLC.