
Two Mac Malware Threats Sighted


A malicious file uploaded early this week to the MacRumors Forums site is a Trojan horse designed to fool Mac users into thinking they'll get to see preview pictures of Mac OS X 10.5 Leopard, the next version of Apple's operating system software. Instead, the file, named "latestpics.tgz," attempts to send itself to the user's iChat contacts, and damages applications on the user's computer. Your computer can't be infected unless you open the file.

<http://www.macrumors.com/pages/2006/02/20060216005401.shtml>

Andrew Welch of Ambrosia Software appears to be the first to post a thorough analysis of the malware, which he dubbed "Oompa-Loompa," or "OSX/Oomp-A" in the standard taxonomy. Both Sophos and Symantec appear to be using the name "OSX/Leap-A," and both are offering definition downloads.

<http://www.ambrosiasw.com/forums/index.php?showtopic=102379>

Welch says Leap-A appears to try, but fail, to spread itself through other applications the user launches. The resulting damage to these applications renders them unusable.

The easiest thing you can do to protect your computer is to avoid downloading and opening "latestpics.tgz" or any other archive you're not expecting. If you receive a file via email or instant message that you're not expecting, even from someone you know, always ask before opening it. This malware can't spread itself; it relies on "social engineering" to trick users into activating it. (See "Are Input Managers the Work of the Devil?" elsewhere in this issue for more on the vulnerability that Leap-A is exploiting.)

If you run anti-virus software, make sure it is set to obtain updates automatically at least weekly, or check manually for updates over the next few days. Dan Adinolfi of Cornell University's IT Security Office has provided the first two links to Sophos's and Symantec's pages, which offer a growing set of info about the Trojan horse. Macworld has also posted a Leap-A FAQ.

<http://www.sophos.com/virusinfo/analyses/osxleapa.html>
<http://www.sarc.com/avcenter/venc/data/osx.leap.a.html>
<http://www.macworld.com/news/2006/02/16/leapafaq/>

Shortly after Leap-A made headlines, a second piece of malware appeared. Inqtana-A is described as a Java-based proof of concept that takes advantage of an old Bluetooth vulnerability in Mac OS X. If you've applied the Apple Security Update 2005-006 for Mac OS X 10.3.9 and Mac OS X 10.4.1 or the general Mac OS X 10.4.1 release, then your Mac is unaffected by Inqtana-A.

<http://www.macworld.com/news/2006/02/17/inqtana/>
<http://docs.info.apple.com/article.html?artnum=301528>
<http://docs.info.apple.com/article.html?artnum=301742>
<http://docs.info.apple.com/article.html?artnum=301630>

Although both threats are minimal - especially compared to far more dangerous malware that Microsoft Windows users encounter - they've served as a reminder to the Mac community that no computer system is entirely immune to Trojans, worms, and viruses.

 
