Summary of OSX/Oompa-A from AmbrosiaSoftware.

Summary of OSX/Oompa-A from Sophos.

Summary of OSX/Oompa-A from Symantec.

Each report describes the basics of Oompa-A, yet they all reach different conclusions about what it is. Actually, Sophos has no idea what to call it, so they’re saying it’s both a worm and a virus.

I’m leaning a little more towards the trojan side myself. Oompa isn’t capable of doing anything without a form of user intervention, and that includes its propagation to other users.

A trojan isn’t just defined by a user clicking on an icon; it’s the art of deceiving the end user. Nobody would have excitedly clicked on their personal 401k statement the same way they would have clicked on potential screenshots of OSX Leopard.

I won’t deny the fact that it propagates, but maybe that is just a sign that the old malware definitions of virus, worm, trojan, and logic bomb aren’t suitable for pigeonholing entire programs. Most malware nowadays uses techniques from all four in order to infect as many hosts as possible.

Whether a program is a worm or a virus is not really important. What end users need to understand are the infection vectors, the propagation methods, the sustainability of the program, the threat level, and the potential damage. Any additional hype on top of that is usually just added on to sell you anti-virus (or anti-trojan?) software.

Maybe the time has come to stop using terms like virus or worm, and just create one cool sounding word for all forms of harmful software.