[an error occurred while processing this directive]
BBC News
watch One-Minute World News
Last Updated: Friday, 17 February 2006, 11:20 GMT
Malicious worm aims to bite Apple
Apple laptop, AP
To fall victim, users have to install the code themselves
Mac users are being warned about what has been described as one of the first viruses for Apple's OS X software.

The malicious program, known as Leap-A, tries to spread via Apple's iChat instant messaging program.

The worm disguises itself as images of Apple's forthcoming version of its operating system, called Leopard, and plunders buddy lists if installed.

Security firms said Leap-A was not widespread and was unlikely to catch out many Apple users.

No threat

The malicious program tries to trick users into installing it and does not exploit any security holes in Apple's OS X operating system. It travels in a file called "latestpics.tgz" and only version 10.4 of OS X is vulnerable to it.

Installing and running the worm requires users to go through several stages and this, along with bugs in Leap-A's code, have led security firms to play down the threat it poses.

Mac users cannot keep thinking they are invulnerable to these threats
Graham Cluley, Sophos

"The important piece of advice for any iChat users running OS X 10.4 is not to accept file transfers, even if they come from someone on a buddy list," said Kevin Hogan, Symantec security response manager.

Symantec said Leap-A was a level 1 threat on its ranking system - the lowest level. Computer security firms McAfee and F-Secure also said it posed little threat.

The worm is interesting as it is one of the few written for Apple computers. The vast majority of viruses are written to attack Microsoft's Windows operating system.

"The Leap-A worm isn't in itself a significant threat, but it should act as a helpful reminder that malware can be written for any computer," said Graham Cluley, senior technology consultant for anti-virus firm Sophos.

"Mac users cannot keep thinking that they are invulnerable to these threats."

Security firms said Leap-A should more properly be described as a worm or trojan rather than a virus because of the way it tries to spread.

In a statement released to the Wall Street Journal, Apple said Leap-A was not a virus but was "malicious software".

It urged users to only accept files from vendors and websites they know and trust.




SEE ALSO:
Mac users 'too smug' over security
16 Jan 06 |  Technology
Mac security concerns answered
17 Jan 06 |  Technology
Unions call for video iPod talks
17 Oct 05 |  Entertainment
Man sues over iPod 'hearing risk'
02 Feb 06 |  Technology
Microsoft tackles security rivals
09 Feb 06 |  Technology
'Limited' damage from Nyxem virus
03 Feb 06 |  Technology


RELATED INTERNET LINKS:
The BBC is not responsible for the content of external internet sites



PRODUCTS AND SERVICES

Americas Africa Europe Middle East South Asia Asia Pacific