Originally Posted by andrews2547
You said there were no viruses for OS X. Correct me if I am wrong but 10.4 is OS X isn't it?
I also thought I made the part where it said it is malware as well as a virus bold.
If it requires user interaction to deploy, hence not a "virus." It's a worm. A virus does not need any interaction on behalf of the user. Just because it uses the common terminology of "virus", doesn't mean it's an actual virus. Look how many people in this thread are calling the Trojan that the thread is about a "virus." This would fit under "malware," not "virus."
The Leap worm is delivered over the iChat instant messaging program as a gzip-compressed tar file called latestpics.tgz. For the worm to take effect, the user must manually invoke it by opening the tar file and then running the disguised executable within.
The executable is disguised with the standard icon of an image file, and claims to show a preview of Apple's next OS. Once it is run, the virus will attempt to infect the system.
For non-"admin" users, it will prompt for the computer's administrator password in order to gain the privilege to edit the system configuration. It doesn't infect applications on disk, but rather when they are loaded, by using a system facility called "apphook".
Leap only infects Cocoa applications, and it does not infect applications owned by the system (including the apps that come pre-installed on a new machine), but only apps owned by the user who is currently logged in. Typically, that means apps that the current user has installed by drag-and-drop, rather than by Apple's installer system. When an infected app is launched, Leap tries to infect the four most recently used applications. If those four don't meet the above criteria, then no further infection takes place at that time.