Leap virus

Leap virus

The Leap or Oompa-Loompa computer virus is an application-infecting, LAN-spreading worm for Mac OS X discovered in February 2006.

Unlike most widely-reported worms for Windows before Service Pack 2, Leap cannot spread over the Internet. It can only spread over a local area network reachable using the Bonjour protocol. On most networks this limits it to a single IP subnet.

Delivery and infection

The Leap worm is delivered over the iChat instant messaging program as a gzip-compressed tar file called latestpics.tgz. For the worm to take effect, the user must manually invoke it by opening the tar file and then running the disguised executable within.

The executable is disguised with the standard icon of an image file, and claims to show a preview of Apple's next OS. Once it is run, the virus will attempt to infect the system.

For non-"admin" users, it will prompt for the computer's administrator password in order to gain the privilege to edit the system configuration. It doesn't infect applications on disk, but rather when they are loaded, by using a system facility called "apphook". Admin users, on the other hand, will not see a password prompt. By default, the first user account on a new Macintosh is an admin account (with the ability to install software), while additional accounts are not.

Leap only infects Cocoa applications, and it does not infect applications owned by the system (including the apps that come pre-installed on a new machine), but only apps owned by the user who is currently logged in. Typically, that means apps that the current user has installed by drag-and-drop, rather than by Apple's installer system. When an infected app is launched, Leap tries to infect the four most recently used applications. If those four don't meet the above criteria, then no further infection takes place at that time.

Payload

Once activated, Leap then attempts to spread itself via the user's iChat Bonjour buddy list. It does not spread using the main iChat buddy list, nor over Jabber. (By default, iChat does not use Bonjour and thus cannot transmit this virus.)

Leap does not delete data, spy on the system, or take control of it, but it does have one harmful effect: due to a bug in the virus itself, an infected application will not launch. This is helpful in that it prevents people from continuing to launch the infected program unawares.

Protection and recovery

Two common methods of protecting against this type of Trojan horse are avoiding launching files from untrusted sources, and using a non-admin account on a daily basis. An existing admin account can be "declawed" by unchecking the box "Allow this user to administer this computer." (At least one admin account must remain on the system in order to install software and change vital system settings, even if it is an account created solely for that purpose.)

Recovering after a Leap infection involves deleting the virus files and replacing infected applications with fresh copies. It does not require re-installing the OS, since system-owned applications are immune.

External links

* [http://www.ambrosiasw.com/forums/index.php?showtopic=102379 Analysis by Ambrosia Software]
* [http://www.symantec.com/avcenter/venc/data/osx.leap.a.html Symantec Security Response - OSX.Leap.A]
* [http://www.macworld.com/news/2006/02/17/leapafollow/index.php Macworld test of Leap A, with recovery tips]


Wikimedia Foundation. 2010.

Игры ⚽ Нужно решить контрольную?

Look at other dictionaries:

  • The Great Leap Forward (The 4400 episode) — The 4400 episode Title = The Great Leap Forward Season = 4 Episode = 13 Airdate = September 16, 2007 Writer = Director = Prev = Tiny Machines Next = IMDb id = The Great Leap Forward is the thirteenth episode of season four of the science fiction… …   Wikipedia

  • Malware — Malware, short for malicious software, consists of programming (code, scripts, active content, and other software) designed to disrupt or deny operation, gather information that leads to loss of privacy or exploitation, gain unauthorized access… …   Wikipedia

  • Chuck Versus the Dream Job — Chuck episode Stephen J. Bartowski and Ted Roark in Chuck Versus the Dream Job …   Wikipedia

  • Anexo:Personajes de Héroes — Parte del reparto de Héroes en la Comic Con 2008. Ésta es una lista de los personajes de la serie de televisión estadounidense de ciencia ficción Héroes, de la cadena NBC, que incluye tanto a los personajes principales como a los secundarios.… …   Wikipedia Español

  • Deus Ex — This article is about the 2000 video game. For the series, see Deus Ex (series). For other uses, see Deus ex machina (disambiguation). Deus Ex Developer(s) Ion Storm Inc …   Wikipedia

  • Personajes de Héroes — Anexo:Personajes de Héroes Saltar a navegación, búsqueda Parte del reparto de Héroes en la Comic Con 2008. Ésta es una lista de los personajes de la serie de televisión estadounidense de ciencia ficción Héroes, de la cadena NBC, que incluye tanto …   Wikipedia Español

  • Chiroptera — Para otros usos de este término, véase Murciélago (desambiguación) …   Wikipedia Español

  • china — /chuy neuh/, n. 1. a translucent ceramic material, biscuit fired at a high temperature, its glaze fired at a low temperature. 2. any porcelain ware. 3. plates, cups, saucers, etc., collectively. 4. figurines made of porcelain or ceramic material …   Universalium

  • China — /chuy neuh/, n. 1. People s Republic of, a country in E Asia. 1,221,591,778; 3,691,502 sq. mi. (9,560,990 sq. km). Cap.: Beijing. 2. Republic of. Also called Nationalist China. a republic consisting mainly of the island of Taiwan off the SE coast …   Universalium

  • List of Heroes characters — From left to right: Micah, Niki, Nathan, Peter, Noah, Claire, Hiro, Mohinder, Matt, Sylar This is a list of fictional characters in the television series Heroes …   Wikipedia

Share the article and excerpts

Direct link
Do a right-click on the link above
and select “Copy Link”