Oompa-Loompa
MacOS computer worm

Technical name: Leap.A
Alias: OSX/Oomp-A (Intego)
Type: Worm
Subtype: Malware
Classification: Unknown
Origin:

The Oompa-Loompa malware, also called OSX/Oomp-A or Leap.A, is an application-infecting, LAN-spreading worm for Mac OS X, discovered by the Apple security firm Intego on February 14, 2006. Leap cannot spread over the Internet, and can only spread over a local area network reachable using the Bonjour protocol. On most networks this limits it to a single IP subnet.

Delivery and infection

The Leap worm is delivered over the iChat instant messaging program as a gzip-compressed tar file called latestpics.tgz. For the worm to take effect, the user must manually invoke it by opening the tar file and then running the disguised executable within.

The executable is disguised with the standard icon of an image file, and claims to show a preview of Apple's next OS. Once it is run, the worm will attempt to infect the system.

For non-"admin" users, it will prompt for the computer's administrator password in order to gain the privilege to edit the system configuration. It doesn't infect applications on disk, but rather when they are loaded, by using a system facility called "apphook".

Leap only infects Cocoa applications, and it does not infect applications owned by the system (including the apps that come pre-installed on a new machine), but only apps owned by the user who is currently logged in. Typically, that means apps that the current user has installed by drag-and-drop, rather than by Apple's installer system. When an infected app is launched, Leap tries to infect the four most recently used applications. If those four don't meet the above criteria, then no further infection takes place at that time.

Payload

Once activated, Leap then attempts to spread itself via the user's iChat Bonjour buddy list. It does not spread using the main iChat buddy list, nor over XMPP. (By default, iChat does not use Bonjour and thus cannot transmit this worm.)

Leap does not delete data, spy on the system, or take control of it, but it does have one harmful effect: due to a bug in the worm itself, an infected application will not launch. This is helpful in that it prevents people from continuing to launch the infected program.

Protection and recovery

A common method of protecting against this type of computer worm is avoiding launching files from untrusted sources. An existing admin account can be "declawed" by unchecking the box "Allow this user to administer this computer." (At least one admin account must remain on the system in order to install software and change vital system settings, even if it is an account created solely for that purpose.)

Recovering after a Leap infection involves deleting the worm files and replacing infected applications with fresh copies. It does not require re-installing the OS, since system-owned applications are immune.

External links

Intego Analysis - OSX/Leap.A aka OSX/Oompa-Loompa
Macworld - Mac Security: Antivirus
Macworld test of Leap A, with recovery tips
Leap-A malware: what you need to know