In the past, Macintosh users have been mostly spared from malicious worms and viruses. This is both because Mac OS X is fairly secure, as a UNIX application, and the fact that they have had smaller market share. On Valentine’s Day 2006 this changed a bit.

A ‘latestpics.tgz’ file which claims to be a tar-zipped screenshot package (from the Mac OS 10.5), was posted to a popular site of Mac Rumors. Visitors of this site discovered it was a worm rather quickly - it was fairly benign, in that it didn’t actually inflict damage on the machine, but rather infects your iChat list of buddies. This trojan only works on PowerPC-based Macs, not Intel machine. This only affects Macs of OS X 10.4 or after.

AV companies such as Sophos and Symantec have already responded, though there’s also a simple workaround to use. Apple will most likely have an official security patch for this problem by the time you read this. In the meanwhile, just add a folder action which will alert you if something has been added to your input manager folder - the worm will work on that piece of the operating system.

In order to activate the alert feature:

Go to –> Library/InputManagers/
Right click (or Ctrl click) on the folder. Select ‘enable folder actions’ if this is not already enabled.

Right click (or Ctrl click) on the folder another time. Select ‘attach a folder action.’ Select ‘add - new item alert script’ from the Folder Action Strips folder (default).

By doing this small task, you will be alerted if an item tries to insert itself like a trojan into your InputManagers folder.

NOTE: This is not a solution, but a workaround. If you have an antivirus program which has an actual fix, or if Apple provides a security update, we advise that you rely on these solutions instead of the above fix to solve the issue.

To secure your Mac, follow the tips below:

>> Run AV.

>> Make your computer ask for a password whenever waking from sleep or a screen saver.
Apple Menu > System Preferences > Security > Require password…

>> Use a non-administration account. Simply add an admin account for installing software and other tasks.
Apple Menu > System Preferences > Accounts > add admin account, then demote to standard. Log out and log in while remembering new password.

>> Use a good password which has numbers, letters and symbols in it. Disable auto-login.
/Applications/Utilities/Keychain Access, click on the key in the ‘change keychain password dialogue’ and select a password type

About the author of this article:

nick pegley is vp marketing for all covered: technology services partner for small business, providing local disaster recovery consulting and technology services in 20 major u.s. metro areas.