On the evening of the 13th, an unknown user posted a link on MacRumors Forums to a file that was claimed to contain the latest Leopard Mac OS X 10.5 screenshots. The file was named "latestpics.tgz".
The resulting file decompresses into what appears to be a standard JPEG icon in Mac OS X but is actually a compiled Unix executable in disguise. An initial disassembly reveals evidence that the application is a virus or was designed to give that impression. Routines listed include:
_infect:
_infectApps:
_installHooks:
_copySelf:
The exact consequences of the application are unclear, but users who originally executed the application have noted that it appears to self-propagate even after the original file has been deleted:
If anyone remembers last night, when lasthope spread that picture that opened in terminal. I just turned on my other computer and it said it had an incoming file, from my computer, which was the latest pics file. Any help? I have already secure deleted it off of my hard drive, but how do I know that it will not come back?
Update: There is some debate about how to classify this application. Because it requires user activation, and a password if you are not already an administrator, it appears to fall into the Trojan classification rather than self-propagating through any particular vulnerability in OS X.
Update #2: The most recent updates show that the file does send itself to other users in your AIM/iChat buddy list.
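
The disguise described above works because an icon says nothing about a file's content; on Mac OS X, compiled executables are Mach-O files and can be recognized by their leading bytes. The following is an added example, not part of the original report: it inspects a .tgz in memory, without extracting it, and flags members that begin with a Mach-O or universal-binary header. The archive contents and member names are constructed for the demonstration.

```python
import io
import tarfile

# First four bytes of Mach-O and universal ("fat") binaries as stored on disk.
MACHO_MAGICS = {
    b"\xfe\xed\xfa\xce": "Mach-O 32-bit (big-endian)",
    b"\xce\xfa\xed\xfe": "Mach-O 32-bit (little-endian)",
    b"\xfe\xed\xfa\xcf": "Mach-O 64-bit (big-endian)",
    b"\xcf\xfa\xed\xfe": "Mach-O 64-bit (little-endian)",
    b"\xca\xfe\xba\xbe": "universal binary",
}

def classify(head: bytes) -> str:
    """Classify a file by its leading bytes, ignoring its name and icon."""
    if head.startswith(b"\xff\xd8\xff"):
        return "JPEG image"
    kind = MACHO_MAGICS.get(head[:4], "other")
    if kind == "universal binary":
        # Java class files share the CAFEBABE magic. There the next word is the
        # class version (>= 45); a universal binary stores a small arch count.
        if len(head) < 8 or int.from_bytes(head[4:8], "big") >= 45:
            return "other"
    return kind

def scan_tgz(data: bytes):
    """Return (name, kind, exec_bit_set) for every executable-format member."""
    findings = []
    with tarfile.open(fileobj=io.BytesIO(data), mode="r:gz") as tar:
        for member in tar:
            if not member.isfile():
                continue
            kind = classify(tar.extractfile(member).read(8))
            if kind.startswith("Mach-O") or kind == "universal binary":
                findings.append((member.name, kind, bool(member.mode & 0o111)))
    return findings

def build_sample() -> bytes:
    """Constructed archive: a JPEG header and a Mach-O header (no real code)."""
    members = {"holiday.jpg": (b"\xff\xd8\xff\xe0" + b"\0" * 16, 0o644),
               "screenshots": (b"\xfe\xed\xfa\xce" + b"\0" * 24, 0o755)}
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w:gz") as tar:
        for name, (body, mode) in members.items():
            info = tarfile.TarInfo(name)
            info.size, info.mode = len(body), mode
            tar.addfile(info, io.BytesIO(body))
    return buf.getvalue()

if __name__ == "__main__":
    for name, kind, exe in scan_tgz(build_sample()):
        print(f"{name}: {kind}, exec bit {'set' if exe else 'clear'}")
```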