I'm going to rant a little because the coverage this goofy thing is getting is starting to annoy.
ChildOL said:
Read my entire post, what you describe is a Worm and it is not a worm but a Virus.
That's a pretty crappy virus if it spreads by having you download it and run it yourself. Here's what Ambrosia says:
-- This should probably be classified as a Trojan, not a virus, because it doesn't self-propagate externally (though it could arguably be called a very non-virulent virus)
-- It does not exploit any security holes; rather it uses "social engineering" to get the user to launch it on their system
-- If you're not running as an admin user, it will silently fail to infect most applications
-- It doesn't actually do anything other than attempt to propagate itself via iChat
You cannot simply "catch" the virus. Even if someone does send you the "latestpics.tgz" file, you cannot be infected unless you unarchive the file, and then open it.
That last statement is basically saying, "you can't run it unless you run it yourself." Like with any program. Duh.
I go with the trojan definition, and there have been many trojans written to target OS X over the years, using the same idea, in fact. The real news is when one actually spreads in the wild over the Internet, which hasn't happened because OS X hasn't been exploited to spread anything in that way. In other words, there's nothing for Apple to patch, since there is no security flaw. This thing isn't even around anymore because the file was quickly deleted from the original MacRumors forum post.
Now we're seeing paranoid people enabling file extensions and switching to non-admin accounts as if there's an actual virus floating around that will infect you at any moment. I'm sitting here smacking my forehead.
I could write a program that deletes all the files in your Documents folder and garbles Spotlight metadata and link it on the MacRumors forum as "iTunes-speed-enhancer.tgz," but just because a few people ended up running it doesn't mean an OS X trojan is spreading in the wild that warrants national news coverage (and now I see it's on DrudgeReport, too). It means a few people on MacRumors got tricked into running a file I posted. It's not news that double-clicking a program on your computer will run that program on your computer.
Now Symantec and others will make a lot of noise trying to get you to buy Antivirus to protect you from the 0 viruses going around on the net. Symantec actually has it listed under "Latest Threats" on their front page. Lame.
There was bigger reason to worry back when Safari auto-installed widgets. This is a lot of nothing. Nothing has changed that has opened any doors to anything; it was always possible to run malicious software on your computer if you execute it yourself. OS X is just as secure as it was before, and no flaw is being exploited in the OS, and there's no mechanism in OS X for this to silently spread to you or others. YOU have to run this program. Turn your file extensions back off if you want to, for Pete's sake! Just don't download and run any old program you find off a messageboard; that's common sense. Didn't Safari give its standard prompt that there was an executable in the compressed file when you downloaded it? That prompt is there for this exact reason.
I'd like to thank MacRumors for announcing this in the way they did, which has now been picked up by Reuters, who gets so many details wrong, it's ridiculous (from referring to it first as a virus and then a worm, to claiming it's the first trojan found to target Macs, to waiting until the end of the article to mention you have to actually download it and run it yourself...sort of an all-volunteer virus). Now people will read it on Reuters and think there's some big virus spreading to Macs over the Internet, the first one of its kind, when what actually happened is a few people on a messageboard were tricked into running a proof-of-concept UNIX executable on their systems. That's it. Thanks a lot, MacRumors, you turned an isolated incident on the MacRumors forums into "The First OS X Virus Attacking Mac Users Everywhere!" appearing in an Associated Press article near you. Grumble.
To sum up:
1.) It's not the "first trojan to target OS X." When people say there have been no trojans or viruses for OS X in the past five years, they're referring to the fact that none have actually spread anywhere on a measurable scale. But there have been lots of test examples written before, and people pointed out this icon thing back during the 10.2 days.
2.) It's not exploiting any flaws in OS X.
3.) You have to download it and run it yourself. Don't open random crap from the net, as Apple has always recommended, and common sense dictates. Hey, it was OS X Leopard screenshots; I sympathize with the temptation.
4.) It's not news that someone posted a buggy executable to a messageboard and tricked some forum posters into running it by calling it something it wasn't. I'm totally shocked this has hit Reuters, as if Leap.A is actually spreading around all over the net. I really wonder if there are zero copies of it running on anyone's computers as I type this. There wouldn't be news of a "new Linux worm" if I linked a malicious script in a Slashdot post that tried to send itself to your Gaim buddies.
5.) This doesn't "open the doors" for anything. Malicious software has always had the ability to run on OS X, Linux, and any other secure operating system. It's really easy for such software to do that when the user runs it themselves! An all-volunteer trojan.
So, there. Some may disagree with me. I think this is all blown way out of proportion and will be forgotten in a couple of weeks (like the Safari automatic widget installation was, which was a real behavioral flaw in OS X that was since modified and also got some coverage in the tech press).