This is good information for Mac users. Apparently Leap-A is not (yet) too great a threat. Cutting to the chase:
How would this thing get on my machine?
The only way you can get the Leap-A malware on your machine is if you take some action to put it there yourself. You might receive a file from a buddy in iChat, or download something from the Internet, or open an attachment to an e-mail message. The program code is presently hiding in what claims to be pictures of OS X 10.5, Apple’s next major OS X upgrade. To get Leap-A on your machine, you must (a) receive the file, which is compressed; (b) expand the archive; and (c) double-click what appears to be an image file to execute the code. You cannot get the malware by simply browsing the Internet, reading e-mail, or chatting with friends in iChat.
What makes Leap-A trickier to detect, of course, is the fact that it’s disguised as something else. We have some advice below on how to avoid accidentally infecting your machine with Leap-A.
That said, I went looking for Leap-A to test how it behaves on a secured machine. It wasn’t easy to find, and even when I did find a version, its behavior didn’t seem to match that described by Andrew Welch. My applications were not infected, and nothing was sent via iChat. Of course, over time, other versions may be released with more widespread distribution, so my inability to readily find Leap-A may not always be the case.
And, more to the point:
How can I tell if I have the Leap-A malware on my machine?
Open your user’s Library folder, then the InputManagers folder, and look for a folder named apphook. If it’s there, you have it. Note that future versions of the malware may change this name, so it might be worth noting what’s installed there now, just in case. Note that this folder is not a standard part of OS X, and you’ll only have it if you’ve installed certain add-on programs such as SafariStand, Sogudi, or Chax.
All I had was SafariStand…
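The check described above (look in your user's Library/InputManagers folder for a folder named apphook, and note what is installed there now in case the name changes) can be scripted. This is an added example, not part of the quoted article or of this post; the function names, the --check argument and the baseline file path are assumptions chosen for illustration.

```shell
#!/bin/sh
# Added example: look for the apphook folder and track changes to InputManagers.
# Function names, --check and the baseline path are illustrative assumptions.

# Print the entries of directory $1, one per line, sorted (nothing if it is absent).
list_input_managers() {
    [ -d "$1" ] || return 0
    ls -1A "$1" | grep -Fvx '.DS_Store' | sort
}

# Succeed if directory $1 contains an entry named apphook.
has_apphook() {
    [ -e "$1/apphook" ]
}

# Print entries of directory $1 that are not listed in baseline file $2.
new_entries() {
    list_input_managers "$1" | while IFS= read -r name; do
        grep -Fqx -- "$name" "$2" 2>/dev/null || printf '%s\n' "$name"
    done
}

# Return 1 if apphook is present, 2 if entries appeared since the baseline, else 0.
# On a first run without apphook, the current contents are saved as the baseline.
check_input_managers() {
    if has_apphook "$1"; then
        echo "ALERT: $1/apphook exists"
        return 1
    fi
    if [ ! -f "$2" ]; then
        list_input_managers "$1" > "$2"
        echo "Baseline recorded in $2"
        return 0
    fi
    added=$(new_entries "$1" "$2")
    if [ -n "$added" ]; then
        echo "New InputManagers entries since baseline:"
        echo "$added"
        return 2
    fi
    echo "No apphook folder and no new entries"
    return 0
}

# Run against the current user's folder only when asked to.
if [ "${1:-}" = "--check" ]; then
    check_input_managers "$HOME/Library/InputManagers" "$HOME/.inputmanagers.baseline"
fi
```

A return value of 2 only means something new was installed there, which may be a legitimate add-on such as SafariStand, Sogudi, or Chax; it is a prompt to look, not a verdict.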