The Oompa-Loompa malware, also called OSX/Oomp-A or Leap.A, is an application-infecting, LAN-spreading worm for Mac OS X, discovered by the Apple security firm Intego on February 14, 2006. Leap cannot spread over the Internet, and can only spread over a local area network reachable using the Bonjour protocol. On most networks this limits it to a single IP subnet.

The Leap worm is delivered over the iChat instant messaging program as a gzip-compressed tar file called latestpics.tgz. For the worm to take effect, the user must manually invoke it by opening the tar file and then running the disguised executable within. The executable is disguised with the standard icon of an image file, and claims to show a preview of Apple's next OS. Once it is run, the worm will attempt to infect the system.

For non-"admin" users, it will prompt for the computer's administrator password in order to gain the privilege to edit the system configuration. It doesn't infect applications on disk, but rather when they are loaded, by using a system facility called "apphook". Leap only infects Cocoa applications, and it does not infect applications owned by the system (including the apps that come pre-installed on a new machine), but only apps owned by the user who is currently logged in. Typically, that means apps that the current user has installed by drag-and-drop, rather than by Apple's installer system.

When an infected app is launched, Leap tries to infect the four most recently used applications. If those four don't meet the above criteria, then no further infection takes place at that time. Once activated, Leap then attempts to spread itself via the user's iChat Bonjour buddy list. It does not spread using the main iChat buddy list, nor over XMPP. (By default, iChat does not use Bonjour and thus cannot transmit this worm.)

Leap does not delete data, spy on the system, or take control of it, but it does have one harmful effect: due to a bug in the worm itself, an infected application will not launch.
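The delivery described above, a gzip-compressed tar file holding an executable dressed up as an image, can be triaged without unpacking anything. The following is an added example, not code from the original article or from any vendor: it generalizes from latestpics.tgz to any .tgz received over chat, and the member names, the extension list and the sample archive are constructed for illustration.

```python
import io
import tarfile

# Mach-O magics: thin 32/64-bit in both byte orders, plus fat/universal.
# 0xCAFEBABE is also the Java class-file magic, so a hit is a lead, not proof.
MACHO_MAGICS = {b"\xfe\xed\xfa\xce", b"\xce\xfa\xed\xfe",
                b"\xfe\xed\xfa\xcf", b"\xcf\xfa\xed\xfe", b"\xca\xfe\xba\xbe"}
IMAGE_EXTS = (".jpg", ".jpeg", ".png", ".gif", ".tif", ".tiff", ".bmp")  # assumed list

def triage_archive(data: bytes) -> list:
    """Read a .tgz from memory (nothing is written to disk) and report
    regular files that carry an execute bit or begin with a Mach-O magic."""
    findings = []
    with tarfile.open(fileobj=io.BytesIO(data), mode="r:gz") as tar:
        for member in tar:
            if not member.isfile():
                continue
            head = tar.extractfile(member).read(4)
            reasons = []
            if member.mode & 0o111:
                reasons.append("execute bit set")
            if head in MACHO_MAGICS:
                reasons.append("Mach-O header")
            if reasons and member.name.lower().endswith(IMAGE_EXTS):
                reasons.append("image extension on a program")
            if reasons:
                findings.append({"name": member.name, "reasons": reasons})
    return findings

def build_sample() -> bytes:
    """Constructed archive: a harmless PNG stub and a Mach-O stub named like a JPEG."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w:gz") as tar:
        for name, mode, body in [
            ("holiday.png", 0o644, b"\x89PNG\r\n\x1a\n" + b"\0" * 16),
            ("preview.jpg", 0o755, b"\xfe\xed\xfa\xce" + b"\0" * 16),
        ]:
            info = tarfile.TarInfo(name)
            info.size, info.mode = len(body), mode
            tar.addfile(info, io.BytesIO(body))
    return buf.getvalue()

if __name__ == "__main__":
    for finding in triage_archive(build_sample()):
        print(finding["name"], "->", ", ".join(finding["reasons"]))
```

A custom icon does not change a file's mode bits or its first four bytes, which is why the check looks at those rather than at how the file is presented in Finder.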