Sophos, Inc., an anti-virus software vendor based in the UK, reports that the first Mac OS X worm has begun to spread. The report, which can be found at
http://www.sophos.com/pressoffice/news/articles/2006/02/macosxleap.html?pl_id=9&lang_id=1&lp_keyword=firstosx, details how the worm is spreading through the instant messaging client iChat, disguising itself as a file transfer from another iChat user.
Current estimates are that the spread of this worm is low, according to
Symantec. Still, that does not mean that this threat can or should be ignored.
Macintosh users should still employ some level of virus protection, even through the number of Macintosh-specific viruses is small compared to the number of Windows/PC-based threats. Even if virus code cannot be executed on a Macintosh, the Macintosh can still be party to the spreading of a virus or worm by copying infected files from one source to another. For this reason, your Macintosh anti-virus software should be configured to do real time scanning of the disk instead of scanning the disk on a scheudled basis.
This worm will automatically spread itself though the iChat client, so if iChat is not installed on a workstation, it will not be automatically spread. The file could be manually sent to another user via another IM client, or it could be spread by saving the file to a shared file server and run by another Mac user. The iChat client is not required to receive the file containing the worm. The worm can only infect a system if a user opens the file - simply having the file on your system does not mean you are infected.