Press Releases

Browse our press release archive

17 Feb 2006

79% believe Mac will be targeted more often in wake of Leap-A Mac OS X worm

Most computer users believe Macs will be targeted more often in future. Image copyright (c) Sophos
Most computer users believe Macs will be targeted more often in future.

A web poll of more than 600 computer users*, conducted by Sophos in the wake of the discovery of the first Mac OS X worm, has revealed that 79% believe Apple Macintoshes will be targeted more in future. However, over half of those polled said they did not believe the problem would be as great as for Windows.

Experts at SophosLabs™, Sophos's global network of virus, spyware and spam analysis centers, advised users yesterday of the discovery of the OSX/Leap-A worm, which can spread via the iChat instant messaging system.

"The bad news is that most people think the situation is going to get worse for Macintosh users, and more threats will be targeted against the Apple community. The good news is that most don't believe it will ever be as big a problem as the one Microsoft Windows faces," said Graham Cluley, senior technology consultant for Sophos. "What's perhaps surprising is that there are a hardcore element of 21% who believe that threat attempts against Mac users will not grow."

"The correct response is to remain calm and take sensible measures to protect your Mac computers in future," continued Cluley. "The Leap-A worm isn't in itself a significant threat, but it should act as a helpful reminder that malware can be written for any computer and that the best protection is through sensible best practise, firewalls, security patches and anti-virus technology. Mac users cannot keep thinking that they are invulnerable to these threats."

Survey results

Leap-A is the first virus for OS X. Do you think in the future Macs will be targeted more often?

Yes, but not as much as Windows

* Sophos web poll, 16-17 February 2006, 617 respondents.

Is Leap-A a virus or a Trojan?

Some members of the Apple Macintosh community have claimed that OSX/Leap-A is a Trojan horse, and not a virus or worm, because it requires user interaction (the user has to receive a file via iChat, and manually choose to open and run the file contained inside).

However, this is not the definition of a Trojan horse.

A Trojan horse is a seemingly legitimate computer program that has been intentionally designed to disrupt and damage computer activity. Importantly, Trojan horses do not replicate or have any mechanism of spreading themselves. They have to be deliberately planted on a website, or accidentally shared with another user, or spammed out to email addresses. There is nothing inside a Trojan's code to distribute themselves further to other victims.

Trojan horses do not contain any code to distribute or spread themselves, viruses and worms do.

OSX/Leap-A is programmed to use the iChat instant messaging system to spread itself to other users. As such, it is comparable to an email or instant messaging worm on the Windows platform. Worms are a sub category of the group of malware known as viruses.

Therefore, it is correct to call OSX/Leap-A a virus or a worm. It is not correct to call OSX/Leap-A a Trojan horse.

Disclaimer: Please bear in mind that this poll is not scientific and is provided for information purposes only. Sophos makes no guarantees about the accuracy of the results other than that they reflect the choices of the users who participated.

About Sophos

More than 100 million users in 150 countries rely on Sophos as the best protection against complex threats and data loss. Sophos is committed to providing complete security solutions that are simple to deploy, manage, and use and that deliver the industry's lowest total cost of ownership. Sophos offers award-winning encryption, endpoint security, web, email, mobile and network security solutions backed by SophosLabs - a global network of threat intelligence centers.

Sophos is headquartered in Boston, US and Oxford, UK. More information is available at