Leap.A (or Oompa-Loompa) is not a virus. Depending what you read, it’s either a worm or a trojan. You could call it a little bit of both.
And while a lot of Mac news sites have spent much of the day playing down its significance and pointing out that user action is required to run it and therefore infect each machine, I think it ought to make a lot of people stop and think for a minute.
A summary of Leap.A’s activities has been posted by the professional computer security team at F-Secure. I’m inclined to trust what F-Secure say about viruses, worms and other malware, because they have been conducting autopsies on harmful code for years now and they know what they are talking about.
There are two important things to note about Leap.A:
- it has to be executed by the user in order to get anywhere. This means that security-conscious users (probably most of Mac Devcenter’s readership) are less likely to be infected. But the vast majority of users, who don’t know or don’t care about computer security, are at risk.
- it propagates through iChat, invisibly sending itself from one computer to another.
This second feature is the one I find most worrying. For years now, people have grown accustomed to the idea of viruses arriving by email; some email applications on Windows have earned themselves a bad reputation simply because they allowed such viruses to spread too easily, too often.
This has happened so much, and been reported in the mainstream media so often, that the message has sunk into people’s brains: “Email can be dangerous - beware of viruses.”
But other means of malware propagation have not been so well understood by the general population, usually because mainstream media outlets don’t often allow the airtime or the printed space for their behaviors to be explained properly. Very few people have got the idea of web bugs, even though they’ve been around for some time now.
The same applies to instant messaging, a hugely popular use of computers, especially by young people. The idea that your computer might be infected via IM simply hasn’t sunk in to most people’s heads.
Viruses spread by exploiting holes in your system, cloning themselves and propagating automatically. Trojans, by definition, pretend to be something they are not, and therefore rely not on system insecurities but on user ignorance. I’m still convinced that OS X, on the whole, is a decently secure system — but that doesn’t prevent it being used by ignorant users.
That’s why this worm is not something we should be dismissing. It’s not a great threat in and of itself, but it is a sign of what might yet come.
Let’s be careful out there.