Apple’s Mac OS X software has been hit by a mischievous instant messaging virus – the first ever to target the platform.
The virus, dubbed Leap-A by anti-virus company Sophos, is said to spread using Apple’s iChat IM service, forwarding itself as a file called “latestpics.tgz” to an infected user’s buddy contacts.
Clicking on the file allows the malware to install and disguise itself as a harmless-seeming Jpeg icon.
Leap-A is believed to have originally been posted on a website for Apple users, posing as a software update. Although the virus is benign, and is not believed to be spreading in large numbers, it still marks a minor landmark for a platform that has come to be seen in some quarters as immune to such mundane security issues.
“It’s probably been written for publicity or as a proof-of-concept,” said Graham Cluley of Sophos. "Some owners of Mac computers have held the belief that Mac OS X is incapable of harbouring computer viruses, but Leap-A will leave them shell-shocked, as it shows that the malware threat on Mac OS X is real," he said.
Cluley said that some Apple users were claiming that Leap-A was somehow not a real virus because it required the victim to click on the link, an objection he branded as ridiculous. Many PC viruses needed user interaction to set off infection, he pointed out, and this was no different.
Despite being aimed at Apple users, the virus follows broader trends in attempting to spread by way of instant messaging, the new application target of choice. This is seen as a less protected channel, and therefore a point of vulnerability.
Although this is unlikely to be the last virus aimed at Apple users, it has a mischievous old-world feel to it. As with PCs, an increasing number of the platform’s security concerns now revolve around exploiting specific software vulnerabilities rather than code that aims to spread mayhem as well as itself.