First Mac OS X Trojan found in the wild

CNET News.com reports a malicious program that could be the first Trojan in the wild to target Apple Computer's Mac OS X operating system has been discovered. The Trojan is spread through iChat.

Apple and outside analysts said the program, referred to as Leap-A, is not a "virus" per se. Rather, it "requires a user to download the application and execute the resulting file," Apple said in a statement to CNET News.com. The company provided no further comment on the nature of the program.

The malicious software, which has also been dubbed OSX/Oompa-A and the Ooompa Loompa Trojan Horse by other security experts, appears to have spread minimally so far and has achieved low-level threat classifications from McAfee and Symantec...

...Classified as both a worm and a Trojan, Leap-A appears to have begun its movement earlier this week after it was posted at a forum for Mac-related rumors. The file appeared as an external link promising pre-release screenshots of the upcoming Mac OS X 10.5, also known as Leopard.

Leap-A, which appears to affect only the OS X 10.4 platform, spreads primarily via the Apple iChat instant-messaging program. The program forwards itself as a compressed file called "latestpics.tgz" to all the contacts on the infected user's buddy list each time the program starts up.

However, it's up to the user to actually accept the download and then try to open the file to activate the Trojan...and we Mac users know better than that, right? RIGHT?