Is Leap-A a worm or a Trojan?
At least we can agree the Leap-A threat, revealed yesterday, is not an automatically infecting virus. But is it a worm or a Trojan?
Apple insists that the malware in question is of a different breed to those faced by Windows systems in the past. ‘Leap-A is not a virus, it is malicious software that requires a user to download the application and execute the resulting file,’ it said in a statement we reported today.
This downloading procedure has lead many to describe the attack as a Trojan, but Sophos is insisting that it was correct to classify Leap-A as a worm.
‘Some members of the Apple Macintosh community have claimed that OSX/Leap-A is a Trojan horse, and not a virus or worm, because it requires user interaction (the user has to receive a file via iChat, and manually choose to open and run the file contained inside),’ reads its website .
But it insists this is not the definition of a Trojan horse, which it declares to be: ‘A seemingly legitimate computer program that has been intentionally designed to disrupt and damage computer activity. Importantly, Trojan horses do not replicate or have any mechanism of spreading themselves. They have to be deliberately planted on a website, or accidentally shared with another user, or spammed out to email addresses. There is nothing inside a Trojan’s code to distribute themselves further to other victims.’
So, while Trojan horses do not contain any code to distribute or spread themselves, viruses and worms do. Because Leap-A is programmed to use the iChat IM system to spread itself to other users, it is – declares Sophos – comparable to an email or IM worm on the Windows platform, a sub category of the malware known as viruses.
‘Therefore, it is correct to call OSX/Leap-A a virus or a worm. It is not correct to call OSX/Leap-A a Trojan horse,’ concludes the anti-virus company.
This was all part of a survey Sophos conducted – of 617 computer users. Rather unsurprisingly, it found that a large majority (79 per cent) believe Apple Macintoshes will be targeted more in future. As opposed to less than one attack, presumably.