Thoughtful, detailed coverage of the Mac, iPhone, and iPad, plus the best-selling Take Control ebooks.

 

 

Pick an apple! 
 
Simplify Similar Syncs with ChronoSync Templates

You can create an unlimited number of ChronoSync documents with numerous settings and options that control your synchronizations. If you find yourself needing to create many similar ChronoSync documents, consider using templates.

Just create a ChronoSync document and set all the options the way you want them. Choose File > Save as Template to save the ChronoSync document as a template, and then open it in the future when creating a new ChronoSync document.

Search on "template" in ChronoSync Help for all the details.

Visit Econ Technologies

 
 

Two Mac Malware Threats Sighted

Send Article to a Friend

A malicious file uploaded early this week to the MacRumors Forums site is a Trojan horse designed to fool Mac users into thinking they'll get to see preview pictures of Mac OS X 10.5 Leopard, the next version of Apple's operating system software. Instead, the file, named "latestpics.tgz," attempts to send itself to the user's iChat contacts, and damages applications on the user's computer. Your computer can't be infected unless you open the file.

<http://www.macrumors.com/pages/2006/02/ 20060216005401.shtml>

Andrew Welch of Ambrosia Software appears to be the first to post a thorough analysis of the malware, which he dubbed "Oompa-Loompa," or "OSX/Oomp-A" in the standard taxonomy. Both Sophos and Symantec appear to be using the name "OSX/Leap-A," and both are offering definition downloads.

<http://www.ambrosiasw.com/forums/index.php? showtopic=102379>

Welch says Leap-A appears to try, but fail, to spread itself through other applications the user launches. The resulting damage to these applications renders them unusable.

The easiest thing you can do to protect your computer is not download and open "latestpics.tgz" or any other archive you're not expecting. If you receive a file via email or instant message that you're not expecting, even from someone you know, always ask before opening it. This malware can't spread itself; it relies on a "social engineering" to trick users into activating it. (See "Are Input Managers the Work of the Devil?" elsewhere in this issue for more on the vulnerability that Leap-A is exploiting.)

If you run anti-virus software, make sure it is set to obtain updates automatically at least weekly, or check manually for updates over the next few days. Dan Adinolfi of Cornell University's IT Security Office has provided the first two links to Sophos's and Symantec's pages, which offer a growing set of info about the Trojan horse. Macworld has also posted a Leap-A FAQ.

<http://www.sophos.com/virusinfo/analyses/ osxleapa.html>
<http://www.sarc.com/avcenter/venc/data/ osx.leap.a.html>
<http://www.macworld.com/news/2006/02/16/ leapafaq/>

Shortly after Leap-A made headlines, a second piece of malware appeared. Inqtana-A is described as a Java-based proof of concept that takes advantage of an old Bluetooth vulnerability in Mac OS X. If you've applied the Apple Security Update 2005-006 for Mac OS X 10.3.9 and Mac OS X 10.4.1 or the general Mac OS X 10.4.1 release, then your Mac is unaffected by Inqtana-A.

<http://www.macworld.com/news/2006/02/17/inqtana />
<http://docs.info.apple.com/article.html? artnum=301528>
<http://docs.info.apple.com/article.html? artnum=301742>
<http://docs.info.apple.com/article.html? artnum=301630>

Although both threats are minimal - especially compared to far more dangerous malware that Microsoft Windows users encounter - they've served as a reminder to the Mac community that no computer system is entirely immune to Trojans, worms, and viruses.

 

READERS LIKE YOU! Support TidBITS by becoming a member today!
Check out the perks at <http://tidbits.com/member_benefits.html>
Special thanks to Mike Penny, Ruth Lucchesi, Permelia Allgood, and
John Beare for their generous support!