First Mac OS X Malware Infects Via iChat

Dubbed "OSX/Leap.a" by McAfee, Sophos, and Symantec, the malware spreads using the Mac's built-in iChat instant messaging service, where it arrives as an IM file transfer. If the recipient opens the "latestpics.tgz" archive file received from someone on her iChat contact list, the payload, actually a compressed Unix shell program, installs. The Unix shell then uses Mac OS X 10.4' Spotlight search tool to sniff out other applications on the machine, and inserts a small bit of code into each application.

First discovered as a posting to the MacRumors.com forum posing as screenshots of the next Apple OS, OS X 10.5, or "Leopard," OSX/Leap.a is actually a Trojan, not a worm, since it doesn&'t' self-propagate.

"Some owners of Mac computers have held the belief that Mac OS X is incapable of harboring computer viruses, but Leap.a will leave them shell-shocked, as it shows that the malware threat on Mac OS X is real," said Graham Cluley, a Sophos senior technology consultant, in a statement.

"Mac users need to be just as careful running unknown or unsolicited code on their computers as their friends running Windows," he added.

Other details about OSX/Leap.a are sketchy, since most anti-virus vendors have only begun pulling apart its code.

Mac malware, while not nonexistent, is rare. Some security analysts, however, have predicted that as Apple's operating system becomes more popular -- and thus a more economical target for attackers -- it will receive its fair share of attention from hackers.