Worms in the Apple? Inqtana and Leap-A Burrow into Macs

If there’s any silver lining to the recent Leap-A worm, this realization is it:

Alas, Mac users, you do not live in the Shangri-La of operating systems after all. Your Macs are vulnerable to worms, viruses, and other malware, just like Windows users, so you best keep your security always up-to-date, and your eyes on the prowl for suspicious attachments.

Internet security firms found the Leap-A worm in February 2006, the first worm ever discovered that attacks Apple’s OS X operating system. The experts figured out that the digital parasite travels from victim to victim by Apple’s iChat instant messaging system.

Innocently enough, the worm forwards itself as a file titled “latestpics.tgz” that comes with a JPEG graphic icon. In this deceptive form, it travels to every contact on a user’s buddy list. Meanwhile, back on the user’s computer, the worm places the text “oompa” in the resource forks of infected programs as a marker, so as not to reinfect the same files over and over.

As first, experts argued over whether or not Leap-A was a worm in fact, or a Trojan horse. For those of us who’d rather not know the difference between a worm and a Trojan horse-we’d rather just not get either one, right?-a Trojan horse is a legitimate program that’s been corrupted and made to be destructive. Moreover, like those Greeks who left the original Trojan horse at Paris’ castle gates, someone has to plant the Trojan horse on your computer, either as a download on a Web site, e-mail, etc. Trojan horses cannot spread on their own.

Worms can. It’s in their nature-or code-to spread and infect. Whoever designs these malicious versions of viruses programs the worm to disseminate and destroy. That makes Leap-A a worm for sure, because it’s designed to infiltrate via the iChat application.

The Inqtana worms on the other hand spread wirelessly via Bluetooth. Bluetooth is a wi-fi tech used to transmit data between devices at short distances. Three variations of the Inqtana worm have been detected so far, OSX/Inqtana.A, OSX/Inqtana.B and OSX/Inqtana.C.

So Mac users-it seems you had your time in the sun. Sure, back in the old days, your notebook was far less vulnerable to worms than Microsoft products. But as the Trojans learned at the hands of the Greeks, the blessing of history is fleeting. Be wary, ibook, Macbook Pro, and Powerbook users.

By Matthew Brodsky – Laptopical

Wednesday, February 22, 2006