Common name | Oompa-Loompa |
---|---|
Technical name | Leap.A |
Aliases | |
Classification | Unknown |
Type | Worm |
Subtype | Malware |
Point of origin | Unknown |
The Oompa-Loompa malware, also called OSX/Oomp-A or Leap.A, is an application-infecting, LAN-spreading worm for Mac OS X, discovered by the Apple security firm Intego on February 14, 2006.[1] Leap cannot spread over the Internet, and can only spread over a local area network reachable using the Bonjour protocol. On most networks this limits it to a single IP subnet.[2]
Delivery and infection
The Leap worm is delivered over the iChat instant messaging program as a gzip-compressed tar file called latestpics.tgz. For the worm to take effect, the user must manually invoke it by opening the tar file and then running the disguised executable within.
The executable is disguised with the standard icon of an image file, and claims to show a preview of Apple's next OS. Once it is run, the worm will attempt to infect the system.
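A defender can inspect an archive received over instant messaging before anything in it is opened. The following is an added example, not part of the original article: it lists the members of a gzip-compressed tar file without extracting them and reports any regular file that carries an execute bit or begins with a Mach-O magic number. The member names, the image-extension check and the sample archive are constructed for illustration; the icon disguise described above is not visible in tar metadata and is not checked here.

```python
import io
import tarfile

# Mach-O magics: thin 32/64-bit in both byte orders, plus fat/universal
# (0xcafebabe is shared with Java class files, so treat it as a hint only).
MACHO_MAGICS = {
    b"\xfe\xed\xfa\xce", b"\xce\xfa\xed\xfe",
    b"\xfe\xed\xfa\xcf", b"\xcf\xfa\xed\xfe",
    b"\xca\xfe\xba\xbe",
}
IMAGE_EXTS = (".jpg", ".jpeg", ".png", ".gif", ".tif", ".tiff")


def inspect_tgz(data: bytes) -> list[dict]:
    """Report executable-looking regular files in a .tgz without extracting it."""
    findings = []
    with tarfile.open(fileobj=io.BytesIO(data), mode="r:gz") as tar:
        for member in tar:
            if not member.isfile():
                continue
            head = tar.extractfile(member).read(4)  # read into memory only
            exec_bit = bool(member.mode & 0o111)
            macho = head in MACHO_MAGICS
            if exec_bit or macho:
                findings.append({
                    "name": member.name,
                    "exec_bit": exec_bit,
                    "macho": macho,
                    # The name suggests a picture but mode/content say program.
                    "looks_like_image": member.name.lower().endswith(IMAGE_EXTS),
                })
    return findings


def build_sample() -> bytes:
    """Constructed archive: one harmless text file and one fake Mach-O stub."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w:gz") as tar:
        for name, mode, body in [
            ("notes.txt", 0o644, b"hello\n"),
            ("preview.jpg", 0o755, b"\xfe\xed\xfa\xce" + b"\x00" * 28),
        ]:
            info = tarfile.TarInfo(name)
            info.size, info.mode = len(body), mode
            tar.addfile(info, io.BytesIO(body))
    return buf.getvalue()


if __name__ == "__main__":
    for finding in inspect_tgz(build_sample()):
        print(finding)
```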
For non-'admin' users, it will prompt for the computer's administrator password in order to gain the privilege to edit the system configuration. It doesn't infect applications on disk, but rather when they are loaded, by using a system facility called 'apphook'.
Leap only infects Cocoa applications, and it does not infect applications owned by the system (including the apps that come pre-installed on a new machine), but only apps owned by the user who is currently logged in. Typically, that means apps that the current user has installed by drag-and-drop, rather than by Apple's installer system. When an infected app is launched, Leap tries to infect the four most recently used applications. If those four don't meet the above criteria, then no further infection takes place at that time.
Payload
Once activated, Leap then attempts to spread itself via the user's iChat Bonjour buddy list. It does not spread using the main iChat buddy list, nor over XMPP. (By default, iChat does not use Bonjour and thus cannot transmit this worm.)
Leap does not delete data, spy on the system, or take control of it, but it does have one harmful effect: due to a bug in the worm itself, an infected application will not launch.[citation needed] This is helpful in that it prevents people from continuing to launch the infected program.
Protection and recovery
A common method of protecting against this type of computer worm is to avoid launching files from untrusted sources. An existing admin account can be 'declawed' by unchecking the box 'Allow this user to administer this computer.' (At least one admin account must remain on the system in order to install software and change vital system settings, even if it is an account created solely for that purpose.)
Recovering after a Leap infection involves deleting the worm files and replacing infected applications with fresh copies.[citation needed] It does not require re-installing the OS, since system-owned applications are immune.[3]
References
- [1] New Mac OS X Trojan Horse: Oompa-Loompa, also called OSX/Oomp-A or Leap.A, Intego, 2006-02-14, retrieved 2012-01-20
- [2] https://www.sophos.com/en-us/press-office/press-releases/2006/02/macosxleap.aspx
- [3] https://www.sophos.com/en-us/press-office/press-releases/2006/02/macosxleap.aspx