[Helpdesk] First OS X "virus"?

Andrew Main handymac at earthlink.net
Fri Feb 17 13:51:12 MST 2006


There's been a lot of buzz the last ca. 36 hours about what appears  
to be the first real "malware" to appear in the OS X environment.  
It's been dubbed "Oompa-Loompa" (aka "OSX/Oomp-A"), and first  
appeared posted anonymously on a forum at MacRumors.com. For a  
succinct explanation of this situation, see the page by Mark Allan,  
developer of the open-source (free) ClamXAV anti-virus utility for  
Mac OS X:

<http://www.markallan.co.uk/clamXav/index.php?page=leap>

----------------------------------------
The file in question promises pictures of the next version of Mac OS  
X 10.5, codenamed Leopard, and is named "latestpics.tgz".

Note: You cannot be infected by this unless you do all of the following:

1) You are somehow sent (via email, iChat, etc.) or download the  
"latestpics.tgz" file
2) You double-click on the file to decompress it
3) You double-click on the resulting file to "open" it

...and even then, most users must also enter their Admin password.

You cannot simply "catch" the virus. Even if someone does send you  
the "latestpics.tgz" file, you cannot be infected unless you  
decompress the file, and then open it. ...

On first inspection, it would appear that it doesn't actually do  
anything other than try to send itself to everyone, but it's the  
first true Mac OS X trojan and I'm fairly sure that others will  
follow suit in a similar pattern with the intention of doing  
something more harmful.

The best thing you can do is make sure to keep your virus definitions  
up-to-date, use ClamXav Sentry to watch your downloads folder, and  
never open any attachments unless you're actually expecting to  
receive something.

----------------------------------------
If you feel a need for malware protection in OS X, ClamXAV seems like  
a good bet (though I haven't used it myself, nor so far any
anti-virus utility):
<http://www.clamxav.com/>

Follow the links on Mark's page to learn more of the history of this  
trojan, its discovery, and what's been done in the Mac user community to  
respond to it.

If you are using a Mac I have set up, see the Information/More  
Information/Security folder for more discussion of Mac OS X and  
viruses (and other malware).

Andrew Main

