Security experts have confirmed the existence of a self-replicating worm that targets Mac OS X, prompting a warning to customers by Apple Computer.
Identified in reports as either a Trojan horse or a virus, the threat was first noted on MacRumors.com and was verified by Ambrosia Software president Andrew Welch and technology gurus Ed Wynne and Glenn Anderson.
Security firm Secunia said that the threat seems to be a worm and also appears to be the first one specifically written for Mac OS X.
The suspect program hides inside a package that promises to reveal screenshots from the next version of OS X. Named "latestpics.tgz," the package has also been called the Oompa-Loompa Trojan because the virus checks files for an attribute called "oompa" before attempting to infect them.
When unpacked, an application masquerading as a JPEG file appears. If a user clicks on it, the file executes and attempts to propagate itself to other machines using the buddy list of Apple's instant-messaging program iChat.
Welch noted on his blog that, although iChat users have been warned to use caution, it takes several steps to become infected. "You cannot simply 'catch' the virus," he wrote. "Even if someone does send you the file, you cannot be infected unless you unarchive the file, then open it."
Welch added that the threat does not exploit any security holes, but rather uses social engineering to get a user to launch it on a system. Also mitigating the spread is that if the user does not have administrator status, the worm cannot replicate. Finally, Welch added, the worm does not actually do anything particularly malicious other than propagate itself.
Although iChat users should be careful, Mac users in general probably do not need to be concerned that this worm is the start of a widespread attack, said Thomas Kristensen, chief technology officer at Secunia.
The Mac operating system has not been targeted in the past because attackers prefer to focus on widely used systems. Because 97 percent of computer users employ Windows, that operating system has been the big target. Kristensen predicted that will continue to be the case.
"Why bother writing a virus for Linux and Mac when you can get so many other users by writing one for Windows?" he said. "This is especially true because, for a virus to become serious, it has to find other vulnerable systems, and with Macs, that would be a very limited spread."
In addition, there is little concern that the Mac worm would be able to leap onto Windows systems, Kristensen added.
"Code on Windows doesn't run natively on a Mac, so an attacker would have to find a common interpreter that's on both systems," he said. "That's more effort than it's worth for virus writers."