To fall victim, users have to install the code themselves
Mac users are being warned about what has been described as one of the first viruses for Apple's OS X software.

The malicious program, known as Leap-A, tries to spread via Apple's iChat instant messaging program.

The worm disguises itself as images of Apple's forthcoming version of its operating system, called Leopard, and plunders buddy lists if installed.

Security firms said Leap-A was not widespread and was unlikely to catch out many Apple users.

No threat

The malicious program tries to trick users into installing it and does not exploit any security holes in Apple's OS X operating system. It travels in a file called "latestpics.tgz" and only version 10.4 of OS X is vulnerable to it.

Installing and running the worm requires users to go through several stages and this, along with bugs in Leap-A's code, have led security firms to play down the threat it poses.
"The important piece of advice for any iChat users running OS X 10.4 is not to accept file transfers, even if they come from someone on a buddy list," said Kevin Hogan, Symantec security response manager.

Symantec said Leap-A was a level 1 threat on its ranking system - the lowest level. Computer security firms McAfee and F-Secure also said it posed little threat.

The worm is interesting as it is one of the few written for Apple computers. The vast majority of viruses are written to attack Microsoft's Windows operating system.

"The Leap-A worm isn't in itself a significant threat, but it should act as a helpful reminder that malware can be written for any computer," said Graham Cluley, senior technology consultant for anti-virus firm Sophos.

"Mac users cannot keep thinking that they are invulnerable to these threats."

Security firms said Leap-A should more properly be described as a worm or trojan rather than a virus because of the way it tries to spread.

In a statement released to the Wall Street Journal, Apple said Leap-A was not a virus but was "malicious software".

It urged users to only accept files from vendors and websites they know and trust.
BBC