INTEGO SECURITY ALERT
Intego Protects Against New Mac OS X Trojan Horse:
Oompa-Loompa, also called OSX/Oomp-A or Leap.A
Austin, TX, February 16, 2006 - Intego, the Macintosh
security specialist, provides protection, through its VirusBarrier antivirus
program, against the newly discovered Oompa-Loompa Trojan horse, also
called OSX/Oomp-A or Leap.A. This security threat affects Macintosh computers
running Mac OS X on PowerPC processors. Replicating by sending itself
to users’ iChat buddies, the Oompa-Loompa Trojan horse does not
delete any files, but infects applications on computers where it runs,
enabling those applications to in turn spread the virus.
Two versions of this Trojan horse exist, and the Intego Virus Monitoring
Center immediately developed updated virus definitions, which it released
on February 14, 2006, as soon as it discovered this threat, ensuring
that VirusBarrier X and VirusBarrier X4 eradicate the Oompa-Loompa Trojan
horse. All Intego VirusBarrier X and VirusBarrier X4 users should make
sure that their virus definitions are up to date by using the NetUpdate
preference pane in the Mac OS X System Preferences.
Initially appearing in a compressed file called latestpics.tgz, this
Trojan horse, after being decompressed, appears to be a graphic file.
When a user double-clicks it, expecting to see a picture, the program
inserts a file called apphook.bundle in the user’s InputManagers
folder, which then ensures that it is replicated in all other Cocoa applications
the user launches. Using Spotlight, the Trojan horse searches for the
four most recently used applications, then infects them. The apphook.bundle
Input Manager attempts to send a copy of the original file, latestpics.tgz,
to every person on a user’s iChat buddy list. Since users see this
file coming from friends and colleagues, they are inclined to assume
that it is safe, and therefore double-click the file a first time to
decompress it, and a second time to attempt to “view” it.
Intego usually advises all Macintosh users to only download and open
files and applications from trusted sources. In this case, however, users
receive the Trojan horse via iChat from their buddies and are therefore
likely to assume it is legitimate. So users should be additionally careful
when receiving an unexpected attachment via iChat from someone in their
buddy list. All users should update their virus definitions and never
open files received by e-mail or iChat unless they are sure that these
files are safe.
For detailed information about the Oompa-Loompa Trojan horse, including
questions and answers, see http://www.intego.com/news/pressroom.asp
About Intego
Intego develops and sells desktop Internet security and privacy software for
Macintosh.
Intego provides the widest range of software to protect users and their Macs
from the dangers of the Internet. Intego's multilingual software and support
repeatedly receive awards from Mac magazines, and protect more than one million
users in over 60 countries. Intego has headquarters in the USA, France and
Japan.
As the dangers of the Internet grow, Intego is hard at work, developing new
software to protect users and their Macs from the latest security and privacy
threats.
We protect your world.
# # #