• Downloads
  • Threats
    • Adware
    • Browser Hijacking
    • Rogue Anti Spyware
    • Virus
  • Questions and Answers
  • Recover Encrypted Files
  • Free Malware Removal Tools

My AntiSpyware

Free antispyware software, Online Scanners, Instructions on how to remove spyware and malware.

Menu
  • Downloads
  • Threats
    • Adware
    • Browser Hijacking
    • Rogue Anti Spyware
    • Virus
  • Questions and Answers
  • Recover Encrypted Files
  • Free Malware Removal Tools
Home › Worms › Leap.A – Worm for Mac OS X

Leap.A – Worm for Mac OS X

Myantispyware team February 18, 2006     No Comment    

Leap.A is a binary file compiled for Mac OS X. It arrives in an archive file, called ‘latestpics.tgz’. When the executable in the archive is opened the virus activates. First it drops an icon resource and an external hook bundle which is used for spreading through iChat.

Spreading through iChat

Leap.A installs a bundle to ‘~/InputManagers/apphook’ that hooks certain iChat functions. When any of the user’s buddies change their status, the worm initiates a file transfer and sends a copy of ‘ ‘latestpics.tgz’. The file transfer is not visible to the user as the worm hides the transfer status information.

File infection

The worm enumerates all applications on the computer that were used during the last month. Leap.A replaces the main executable of those applications with itself and saves the original file to a resource fork with the same filename. When the application is opened the worm activates first, then it runs the original application from the resource fork.

Thanks to F-Secure.

Worms

Author: Myantispyware team

Myantispyware is an information security website created in 2004. Our content is written in collaboration with Cyber Security specialists, IT experts, under the direction of Patrik Holder and Valeri Tchmych, founders of Myantispyware.com.

Leave a Reply Cancel reply




New Guides

Silenthill24.biz
How to remove Silenthill24.biz pop-ups (Virus removal guide)
unwanted ads
How to uninstall IntegerLocator app/extension from Mac (Virus removal guide)
Freshyearmarts.shop
Freshyearmarts.shop pop-up scam (Virus removal guide)
unwanted ads
Fast PDF Reader extension (Virus removal guide)
Watchvideo.pro
Watchvideo.pro pop-up scam (Virus removal guide)

Follow Us

Search

Useful Guides

remove android virus
How to remove virus from Android phone
How to remove pop-up ads [Chrome, Firefox, IE, Opera, Edge]
How to remove browser hijacker virus (Chrome, Firefox, IE, Edge)
Tech Support Scam
Remove Tech Support Scam pop-up virus [Microsoft & Apple Scam]
DNSChanger
How to remove DNSChanger malware virus [Updated Apr. 2018]

Recent Posts

Found DVD disks contains a copy protection mechanism which uses rootkit-like cloaking technology.
Exploit for Vulnerability in Windows Media Player has been released
Adware SE 14.02.2006 update now available
Vulnerability in Windows Media Player Could Allow Remote Code Execution
How to remove AlfaCleaner

MYANTISPYWARE.COM

  • About Us
  • Contact Us
  • Privacy Policy

NEED A HELP ?

If you're seeing unwanted pop-ups or ads in your web-browser, you might have an adware installed on your computer. Use the following guide to stop pop-up ads and remove malicious software. Or ask for help here.

Links

  • Downloads
  • Instructions
  • Questions and Answers
  • Free Malware Removal Tools
Copyright © 2004 - 2022 Myantispyware.com - Free antispyware programs and Spyware Removal Instructions.