Intego Protects Against New Mac OS X Trojan Horse:
Oompa-Loompa, also called OSX/Oomp-A or Leap.A
Austin, TX, February 16, 2006 — Intego, the Macintosh security specialist,
provides protection, through its VirusBarrier antivirus program, against
the newly discovered Oompa-Loompa Trojan horse, also called OSX/Oomp-A or
Leap.A. This security threat affects Macintosh computers running Mac OS X
on PowerPC processors. Replicating by sending itself to users’ iChat
buddies, the Oompa-Loompa Trojan horse does not delete any files, but
infects applications on computers where it runs, enabling those
applications to in turn spread the virus.
Two versions of this Trojan horse exist, and the Intego Virus Monitoring
Center immediately developed updated virus definitions, which it released
on February 14, 2006, as soon as it discovered this threat, ensuring that
VirusBarrier X and VirusBarrier X4 eradicate the Oompa-Loompa Trojan horse.
All Intego VirusBarrier X and VirusBarrier X4 users should make sure that
their virus definitions are up to date by using the NetUpdate preference
pane in the Mac OS X System Preferences.
Initially appearing in a compressed file called latestpics.tgz, this Trojan
horse, after being decompressed, appears to be a graphic file. When a user
double-clicks it, expecting to see a picture, the program inserts a file
called apphook.bundle in the user’s InputManagers folder, which then ensures
that it is replicated in all other Cocoa applications the user launches.
Using Spotlight, the Trojan horse searches for the four most recently used
applications, then infects them. The apphook.bundle Input Manager attempts
to send a copy of the original file, latestpics.tgz, to every person on a
user’s iChat buddy list. Since users see this file coming from friends and
colleagues, they are inclined to assume that it is safe, and therefore
double-click the file a first time to decompress it, and a second time to
attempt to “view” it.
Intego usually advises all Macintosh users to only download and open files
and applications from trusted sources. In this case, however, users receive
the Trojan horse via iChat from their buddies and are therefore likely to
assume it is legitimate. So users should be additionally careful when
receiving an unexpected attachment via iChat from someone in their buddy
list. All users should update their virus definitions and never open files
received by e-mail or iChat unless they are sure that these files are safe.
For detailed information about the Oompa-Loompa Trojan horse, including
questions and answers, see http://www.intego.com/news/pressroom.asp.
Intego develops and sells desktop Internet security and privacy software
Intego provides the widest range of software to protect users and their
Macs from the dangers of the Internet. Intego’s multilingual software and
support repeatedly receive awards from Mac magazines, and protect more
than one million users in over 60 countries. Intego has headquarters in the
USA, France and Japan.
As the dangers of the Internet grow, Intego is hard at work, developing new
software to protect users and their Macs from the latest security and
We protect your world.