News 

The OSX/Leap-A worm spreads via the iChat instant messaging application, forwarding itself as a file called 'latestpics.tgz' (masquerading as screenshots of OS X 10.5) to contacts on the infected users' buddy list. When the archive file is opened on a computer it disguises its contents with a JPEG graphic icon in an attempt to convince people that it is harmless.

The worm uses the text 'oompa' as an infection marker in the resource forks of infected programs to prevent it from reinfecting the same files but doesn't appear to do any damage.

However resource forks are largely a thing of the past - a legacy from OS 9 - suggesting that few files on up-to-date

ADVERTISEMENT

systems will be infected.

Graham Cluley, senior technology consultant for Sophos which makes anti-virus software for OS X said that Mac users should no longer think that they do not have to worry about viruses.

'Some owners of Mac computers have held the belief that Mac OS X is incapable of harbouring computer viruses, but Leap-A will leave them shellshocked, as it shows that the malware threat on Mac OS X is real,' he said.

He added that, 'Apple Mac users need to be just as careful running unknown or unsolicited code on their computers as their friends and colleagues running Windows,' although there is nothing in this alert to suggest anything of the sort.

Users who have encountered the virus - though not via iChat but by downloading the file - report that it attempts to execute code via the Terminal, but fails, though another thread suggests that it does appear to be able to replicate itself. It will not run at all if the user does not launch it via the Finder.

As ever, the message to users is not to open a file unless you are sure of its provenance.