Two Mac Malware Threats Sighted

A malicious file uploaded early this week to the MacRumors Forums site is a Trojan horse designed to fool Mac users into thinking they'll get to see preview pictures of Mac OS X 10.5 Leopard, the next version of Apple's operating system software. Instead, the file, named "latestpics.tgz," attempts to send itself to the user's iChat contacts, and damages applications on the user's computer. Your computer can't be infected unless you open the file.

<http://www.macrumors.com/pages/2006/02/20060216005401.shtml>

Andrew Welch of Ambrosia Software appears to be the first to post a thorough analysis of the malware, which he dubbed "Oompa-Loompa," or "OSX/Oomp-A" in the standard taxonomy. Both Sophos and Symantec appear to be using the name "OSX/Leap-A," and both are offering definition downloads.

<http://www.ambrosiasw.com/forums/index.php?showtopic=102379>

Welch says Leap-A appears to try, but fail, to spread itself through other applications the user launches. The resulting damage to these applications renders them unusable.

The easiest thing you can do to protect your computer is to not download and open "latestpics.tgz" or any other archive you're not expecting. If you receive a file via email or instant message that you're not expecting, even from someone you know, always ask before opening it. This malware can't spread itself; it relies on "social engineering" to trick users into activating it. (See "Are Input Managers the Work of the Devil?" elsewhere in this issue for more on the vulnerability that Leap-A is exploiting.)

If you run anti-virus software, make sure it is set to obtain updates automatically at least weekly, or check manually for updates over the next few days. Dan Adinolfi of Cornell University's IT Security Office has provided the first two links to Sophos's and Symantec's pages, which offer a growing set of info about the Trojan horse. Macworld has also posted a Leap-A FAQ.

<http://www.sophos.com/virusinfo/analyses/osxleapa.html>
<http://www.sarc.com/avcenter/venc/data/osx.leap.a.html>
<http://www.macworld.com/news/2006/02/16/leapafaq/>

Shortly after Leap-A made headlines, a second piece of malware appeared. Inqtana-A is described as a Java-based proof of concept that takes advantage of an old Bluetooth vulnerability in Mac OS X. If you've applied the Apple Security Update 2005-006 for Mac OS X 10.3.9 and Mac OS X 10.4.1 or the general Mac OS X 10.4.1 release, then your Mac is unaffected by Inqtana-A.

<http://www.macworld.com/news/2006/02/17/inqtana/>
<http://docs.info.apple.com/article.html?artnum=301528>
<http://docs.info.apple.com/article.html?artnum=301742>
<http://docs.info.apple.com/article.html?artnum=301630>

Although both threats are minimal - especially compared to far more dangerous malware that Microsoft Windows users encounter - they've served as a reminder to the Mac community that no computer system is entirely immune to Trojans, worms, and viruses.

 
