Mac Trojan: Leap-A (OSX/Oomp-A)

There’s some news last night about the first Mac OS X “virus” in the wild. First of all, it’s NOT a virus. It’s a Trojan horse, which requires the user to execute the program him/herself. It’s low-risk and probably won’t spread beyond the few people who’ve already been infected. Good news is that it appears to be broken and doesn’t seem to do anything malicious.

Here’s a fairly detailed explanation of the trojan:

Here are a few tips you can use to protect yourself from this and other attacks in the future (adapted from an email I sent several of my Mac loving friends and colleagues):

  • Same as in the Windows world: If you don’t know what the file is, or where it came from, don’t open it.
  • Make sure your Mac OS X software is up to date.
  • Make sure you have a non-blank password on your user account.
  • In Safari, go do the preferences (Safari -> Preferences…) and click on the “General” tab (in Mac OS 10.4, should be similar in previous versions). UNCHECK the box that says “Open ‘safe’ files after downloading”. This is big, folks. Make sure you’re the one opening downloads, not Safari. It’s a little less convenient to have to open your downloads folder and open the file, but at least you have control over what gets opened and when.
  • From the open the Finder Preferences (Finder->Preferences…) and select the “Advanced” tab. Check the box, “Show all file extensions.” It’s not as pretty, but you’ll be able to immediately spot something like Leap-A: A JPEG image file should end with .jpg
  • Unless you know the program to be safe, don’t enter your password when an application requests it.
  • Keep regular backups just in case anything from this trojan or any other does something bad to your computer. I typically keep weekly backups to an external firewire hard disk drive.

Moral of the story – just be careful

Leave a comment

Hey there! Come check out all-new content at my new!