
Thread: iChat Virus?

  1. #1
    Join Date
    Nov 2009
    Posts
    1

    iChat Virus?

    Hi. I was away from my computer for a day and when I returned I had an IM from a Screen Name that has been harassing me for a couple of months. They keep trying to video chat me or IM me, but I never answer. When I returned to my computer this morning, there was an IM that I opened and was finally going to say something to the person, but when I opened it, there were a couple of messages saying that they have downloaded all of my information and passwords and files. I am going to attach a photo so you can see. It looks a little fishy. I called Apple and they have never seen it. There are no articles about anything like it on Google. The person's SN is bolded, which is odd since usually when iChat tells you if someone has signed off or on, the SN is not in bold. Also iChat never gives warning messages like these. I feel like it is some script for iChat that someone started using. If not and someone has in fact hacked my system, which I don't believe someone can do through iChat, can someone let me know what to do. Also if they hacked my system some other way, I don't see why iChat would warn me about it and not something else in the computer. Thanks!


  2. #2
    Join Date
    Aug 2001
    Location
    Grangeville, ID USA
    Posts
    9,119


    If you can, scrunch the window down and redo the screenshot. The page is way too big to be easily read.

    Rick
    molṑn labe'
    "I am a mortal enemy to arbitrary government and unlimited power. I am naturally very jealous for the rights and liberties of my country, and the least encroachment of those invaluable privileges is apt to make my blood boil."
--Ben Franklin

  3. #3
    Join Date
    Feb 2001
    Location
    on the landline, Mr. Smith
    Posts
    7,787


    Could be a worm.......Leap-A.


    See if any of this is present:

    OSX/Leap-A is an instant-messaging worm for the Mac OS X platform.

    The worm attempts to spread via the iChat instant messaging system, sending itself to available contacts on the infected users' buddy list in a file called latestpics.tgz. This file is an archive consisting of:

    latestpics: the worm executable
    ._latestpics: a hidden resource file designed to disguise the executable as a JPEG image

    OSX/Leap-A installs itself as an application hook by deleting the "apphook" subdirectory of either the /Library/InputManagers/ directory (if run with root permissions) or the ~/Library/InputManagers/ directory (if run as a non-root user) and replacing it with the following three files:

    apphook/Info
    apphook/apphook.bundle/Contents/Info.plist
    apphook/apphook.bundle/Contents/MacOS/apphook

    OSX/Leap-A attempts to infect recently used applications by overwriting the original application with a copy of the worm, storing the original application in the file's resource fork. Infected application files have the following extended attribute:

    name: oompa
    value: loompa

    OSX/Leap-A also creates the following temporary files:

    /tmp/pic.gz
    /tmp/pic
    /tmp/latestpics
    /tmp/lastespics.tar
    /tmp/lastespics.tar.gz
    /tmp/lastespics.tgz

    and several files under

    /tmp/apphook

    "Imagine if every Thursday your shoes exploded if you tied them the usual way. This happens to us all the time with computers, and nobody thinks of complaining." -- Jef Raskin
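
The file indicators listed in the post above, turned into a check; this is an added example, not part of the original post or of any vendor tool. The function names and the ROOT prefix argument (for scanning a mounted backup instead of the live disk) are assumptions, and the extended-attribute check relies on the macOS `xattr` command.

```shell
#!/bin/sh
# Added example: look for the OSX/Leap-A indicators described in the post above.
# ROOT is a hypothetical prefix ("/" for the live system, or a mounted backup).

# Print every listed path indicator that exists under ROOT for the given home dir.
leap_a_paths() {
    root=${1%/}; home=$2
    # Application hook files, system-wide (root) and per-user (non-root) locations.
    for dir in "$root/Library/InputManagers" "$root$home/Library/InputManagers"; do
        for rel in apphook/Info \
                   apphook/apphook.bundle/Contents/Info.plist \
                   apphook/apphook.bundle/Contents/MacOS/apphook; do
            [ -e "$dir/$rel" ] && echo "hook: $dir/$rel"
        done
    done
    # Temporary file names, spelled exactly as in the description above.
    for tmp in pic.gz pic latestpics lastespics.tar lastespics.tar.gz \
               lastespics.tgz apphook; do
        [ -e "$root/tmp/$tmp" ] && echo "temp: $root/tmp/$tmp"
    done
    return 0
}

# Number of path indicators found; 0 means none of the listed files exist.
leap_a_count() {
    leap_a_paths "$1" "$2" | wc -l | tr -d ' '
}

# Succeed if FILE carries the extended attribute oompa=loompa.
# Returns 2 when the xattr command is not available (not macOS).
leap_a_marked() {
    command -v xattr >/dev/null 2>&1 || return 2
    [ "$(xattr -p oompa "$1" 2>/dev/null)" = "loompa" ]
}
```

On the machine itself, `leap_a_paths / "$HOME"` lists any matches, and `leap_a_marked` can be pointed at the executable inside a recently used application bundle.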

  4. #4
    Join Date
    Feb 2001
    Location
    on the landline, Mr. Smith
    Posts
    7,787


    Preventive steps would be to change your admin PW to something very secure, as well as other considerations.....depending on if you have this worm or something like it.

    More info on the worm you might have.

    Keep in mind that an infected buddy list, either for email or chat, is the classic symptom of an infected machine, meaning the machine is infected and trying to chat you, not the human.

  5. #5
    Join Date
    Mar 2001
    Location
    Virginia... where one Democrat CAN make a difference
    Posts
    2,929


    Sounds more like Hockeyshot has the worm and not brosenblatt07
    Damien,

  6. #6
    Join Date
    Feb 2001
    Location
    on the landline, Mr. Smith
    Posts
    7,787


    Very likely. Not having dealt with it, not sure if having a chat with an infected machine will infect the recipient.......better to be safe than sorry at this point.
