First Major OS X Trojan Horse
Master Baiter (thalo)
Posted
Here's an article about what Andy Welch is calling the "oompa loompa" trojan, whose payload is screenshots of the next revision of Mac OS X, and which tries to propagate itself via iChat.

Thank God I never have touched iChat, and therefore don't have a buddy list.

I guess we're looking for a file called "latestpics.tgz". That's the one that has the code.

And so I'd like to take this opportunity to welcome Mac OS X to the real world. The party is over. Still, I personally wouldn't mind seeing screenshots of OS X's next interface. I am fed up with Tiger already and looking for the next revision.

OS performance on my machine has dropped down to "slow and crappy" and I have no idea how to fix it. Beachballs have increased, application performance has degraded in Adobe apps... it's the same old "performance degrades with use" bullshit that I maintain has plagued OS X from the start. The more you use the operating system, the slower and worse it gets... until you do a full reinstall. Highly inefficient way to work. Not good for pros.

If anyone catches this virus--er, TROJAN, or what Symantec is calling a WORM... whatever, I hope they'll post the screenshots here. We're such a harmless little Mac "rumor" site, that we're not likely to get a cease and desist from Apple, lol.

It's going to be interesting to watch for the spin now. I'm sure Apple will pull out all the stops to minimize this trojan as a threat. Not to mention try to keep those screenshots under wraps.
 
Posts: 10664 | Registered: Thu May 01 2003
Thalo.net Skeptic
Posted
.
Here's the Apple spin:
quote:
“Leap-A is not a virus, it is malicious software that requires a user to download the application and execute the resulting file,” said Apple.

http://www.macworld.com/news/2006/02/16/oompa/index.php

Not a virus. Malicious software. Duh.
.
 
Posts: 3205 | Location: Agoura Hills, California | Registered: Sun June 08 2003
THALO.net divinity (RicoX)
Posted
I saw that news also. It looks like for it to actually start propagating itself the user has to be pretty dense, as the phony JPG image starts a Terminal session where the user then has to give it permission to install.

McAfee's Response

If you are using Adobe's Bridge, that thing accumulates gigs of cache data. How full are your hard drives?
 
Posts: 5196 | Registered: Sat June 07 2003
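The post above describes the trojan's lure: an archive containing a "phony JPG" that is really an executable the user has to run. As an added example (not from this thread or any of its posters), the following Python script scans a .tgz archive for members whose image file extension does not match their leading bytes, and flags Mach-O (native macOS executable) headers in particular. The archive it scans is constructed inline with made-up member names; it is not the real latestpics.tgz.

```python
import io
import tarfile

# Known file signatures (magic bytes). A genuine picture starts with one of
# the image signatures; the Mach-O signatures mark native macOS executables.
IMAGE_MAGIC = {
    b"\xff\xd8\xff": "JPEG",
    b"\x89PNG\r\n\x1a\n": "PNG",
    b"GIF87a": "GIF",
    b"GIF89a": "GIF",
}
MACHO_MAGIC = {
    b"\xfe\xed\xfa\xce", b"\xce\xfa\xed\xfe",  # 32-bit Mach-O, both byte orders
    b"\xfe\xed\xfa\xcf", b"\xcf\xfa\xed\xfe",  # 64-bit Mach-O, both byte orders
    b"\xca\xfe\xba\xbe",                       # universal (fat) binary
}
IMAGE_EXTS = (".jpg", ".jpeg", ".png", ".gif")


def classify(head: bytes) -> str:
    """Label a file by its first bytes rather than by its name."""
    for magic, name in IMAGE_MAGIC.items():
        if head.startswith(magic):
            return name
    if head[:4] in MACHO_MAGIC:
        return "Mach-O executable"
    if head.startswith(b"#!"):
        return "script"
    return "unknown"


def suspicious_entries(tgz_bytes: bytes):
    """Return (member name, label) for every regular file in the archive whose
    image-looking name is not backed by an image signature."""
    findings = []
    with tarfile.open(fileobj=io.BytesIO(tgz_bytes), mode="r:gz") as tar:
        for member in tar.getmembers():
            if not member.isfile() or not member.name.lower().endswith(IMAGE_EXTS):
                continue
            f = tar.extractfile(member)
            head = f.read(16) if f else b""
            label = classify(head)
            if label not in IMAGE_MAGIC.values():
                findings.append((member.name, label))
    return findings


def build_sample_archive() -> bytes:
    """Constructed test archive: one entry with a real JPEG header and one
    'picture' that actually begins with a Mach-O header. Names are made up."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w:gz") as tar:
        for name, data in (
            ("pics/real.jpg", b"\xff\xd8\xff\xe0" + b"\x00" * 32),
            ("pics/latestpics.jpg", b"\xce\xfa\xed\xfe" + b"\x00" * 32),
        ):
            info = tarfile.TarInfo(name)
            info.size = len(data)
            tar.addfile(info, io.BytesIO(data))
    return buf.getvalue()


if __name__ == "__main__":
    for name, label in suspicious_entries(build_sample_archive()):
        print(f"{name}: named like an image but looks like {label}")
```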
Master Baiter (thalo)
Posted
I am using Adobe's Bridge. But my hard drives have plenty of room. The 400 gig (really 372.61GB) has 265 free. The 250 has 147 free. The only thing that's alarming is that performance seems to be getting worse with time. Whatever this is might have been exacerbated by the last OS update, who knows.

I've run all my crons like a good little geek, I've done First Aid and permissions repair.

Oh, the other nut-driving thing is the new Suitcase... slow as shit. Never quits without forcing. Done everything in my power there to get it to run right with no luck. Diagnosed all my fonts. The only issue was that stupid Helvetica thing with the scrambled font bug (if you use T1 Helvetica).

Suitcase is always one of the usual suspects, so that's why I keep an eye on it. Unfortunately there are a few things I can't live without. VPN, Suitcase, Quickeys. But I'd have to say OS X performance is at an all time frustrating low for me right now. Seemed to be much better when I first got the G5. It's a lot more squirrely now.
 
Posts: 10664 | Registered: Thu May 01 2003
THALO.net divinity (RicoX)
Posted
I lost use of my USB 2.0 Sandisk SD card reader after X.4.4. Even going back did not help. It just does not work any more.

I would check your User-Library-Font folder. If you find any fonts in there try removing them.

I am waiting on the delivery of one of these units. I have been running out of space. I also found at BestBuy a 74GB Raptor drive for $160 which was a good price. I reinstalled the system onto this drive. My 36GB Raptor is going to be my scratch disk. My data will be in the new unit on a Western Digital 320GB drive. I am doing away with ATA altogether. The Firmtek unit takes two additional drives.

So you already know what I would suggest.
 
Posts: 5196 | Registered: Sat June 07 2003
Master Baiter (thalo)
Posted
You're so funny telling me to check my user library font folder. I don't think I've ever had a single font in there since the debut of OS X. Extensis says to trash the pref files, which I take to mean they have no idea what's wrong. I've done that a thousand times to no avail.

Or, rather, I do it, all my font sets are purged (which I then have to go recreate)... the program quits if there are no fonts loaded in the database. The minute I start adding fonts and sets, the program refuses to quit during a restart. And remember, this is OS X in a pro setting, so unfortunately I restart a lot.
 
Posts: 10664 | Registered: Thu May 01 2003
BN
Mockerator
Posted
quote:
I saw that news also. It looks like for it to actually start propagating itself the user has to be pretty dense, as the phony JPG image starts a Terminal session where the user then has to give it permission to install.

I could be in charge of NORAD’s computers and all it would take to bring down the entire defense network of the United States would be some email with a program inside that said "See the latest screenshots of Trixie in her wet T."

But I don't use OS X much so the country is safe.
 
Posts: 17093 | Location: The Left Coast | Registered: Sun May 04 2003
Master Baiter (thalo)
Posted
Hey, I want to set the trojan off, just so I can see the screenshots. It's not only the first major OS X virus, it's the first X-Man virus!
 
Posts: 10664 | Registered: Thu May 01 2003
THALO.net divinity (RicoX)
Posted
The one link I read talked about how this trojan is a socially engineered attack. The recipient must take an active role in its success. There are no screenshots.

Installing software can place fonts in the user library font folder.

Do you have all the appropriate plug-ins installed for Suitcase to auto-activate needed fonts? How many fonts do you have turned on at any given time? What is the normal workload?

Did you upgrade to the Fusion Suitcase?
 
Posts: 5196 | Registered: Sat June 07 2003
Master Baiter (thalo)
Posted
Yes, upgraded to Suitcase Fusion. No, no user fonts. That directory is bone dry.

I have all the appropriate plugins for auto activation. These CRAWL. When I open a document and Suitcase loads the required fonts, it takes friggin' FOREVER. In Quark, Illustrator, InDesign... just ridiculous. It used to be much, much faster.

I probably have under a hundred fonts and families loaded at any given time. In my Suitcase database, there's jeez, I dunno, thousands. The only massive conflict that gave me hell was the fact that I wanted to load the full Helvetica T1 family, rather than use Apple's TrueType version. That led to the scrambled text bug. But the Apple version doesn't have as many faces.

Hey, I thought there WERE screenshots, there's just a bug in the code where they don't pop up like they're supposed to. But you can find them and open them.
 
Posts: 10664 | Registered: Thu May 01 2003
THALO.net divinity (RicoX)
Posted
I know we have probably been over some of this before, but I am pretty sure you have a totally separate folder with all your design fonts. In Tiger's Library Font folder only the system fonts should be in there. I would not put any other fonts than the bare essentials for the system. Suitcase can manage design fonts from their own folder.

Do all one hundred fonts need to be open? Are they actively being used, or do you just have one hundred fonts open? Having a hundred fonts open is quite a bit.

I think the idea of screenshots is what makes the user the willing participant in the trojan scheme. There are no real screenshots just the trojan worm.
 
Posts: 5196 | Registered: Sat June 07 2003
THALO.net prophet (smithz)
Posted
quote:
I probably have under a hundred fonts and families loaded at any given time. In my Suitcase database, there's jeez, I dunno, thousands.

Geez, Brother Thalo, you sure knew it before that OS X can't handle anything this massive (laugh). Treat this awful OS like a baby, give it a handful of fonts and all is good.
Sorry, I couldn't resist. And you're using a 2.5 Dually, omg.
 
Posts: 1103 | Location: Earth | Registered: Fri May 28 2004
Master Baiter (thalo)
Posted
LOL, I know brother smithz, I know.

A 2.7 dually. With 8 gigs of RAM. And it can't handle a measly HUNDRED fonts? That's including Apple's. I thought I WAS keeping it down to a handful. I thought I WAS babying its ass. A hundred is nothing compared to what I USED to keep open in the legacy.

No, of course they're not actively being used all the time. But they are the ones most likely to be needed when I open work. Mostly it's the big, famous faces. Stuff like Helvetica, Garamond, Futura, and so forth. Then I use Suitcase mostly to add specific display faces.

And so I was caught between a rock and a hard place... WAIT friggin' 15 minutes every time I open a document, or leave the fonts loaded.

I have a separate folder for all my design fonts. It's located in my home directory. It's a font library folder organized by FontDoctor, so each font is in a separate directory alphabetically within the main library folder. So for Example, Helvetica is in a folder "H" within the Font library folder, along with all other fonts that begin with H.

Back to the trojan. Damn. Just social engineering, eh? How disappointing. All it tells me is that the next rev of OS X isn't WORTH getting all hopped up about. Its screenshots aren't good enough to rate being broadcast by malware, lol.

It's funny to see X-Men downplay this in most of the major forums. Most of them completely deny that their blessed iChat has a major honkin' hole in it that allows this thing to spread. The social engineering is just to get them to launch and install. Note carefully how it becomes a VOCABULARY issue the instant something rocks their world. Everyone's just figuring out what to call it, instead of discussing the fact that OS X's cherry is broken.
 
Posts: 10664 | Registered: Thu May 01 2003
THALO.net divinity (RicoX)
Posted
I would try taking the folder FontDoctor set up and place it at the root level of the drive your OS is on. It sounds like you have it buried inside the User folder.

Is this clear?

How is this trojan a vocabulary problem? Any system is only as secure as the user. This type of hacker attack is not new and relies on the stupidity of the user.
 
Posts: 5196 | Registered: Sat June 07 2003
Master Baiter (thalo)
Posted
The trojan is a vocabulary problem because if you read the other forums, almost all the discussion is whether it's a virus, trojan, worm, malware, yadda yadda. And to me, vocabulary discussions are always a diversion to avoid talking about the real issue. When people flip out and struggle with how to label something, it's always an indicator of how serious their concern is about that thing.

OK, wait, BURIED in the User folder? Putting a folder in the user folder is burying it? Please man. Seems to me Apple used to lecture us old greybeards (used to being superusers) that the home directory was the new root level.
 
Posts: 10664 | Registered: Thu May 01 2003
THALO.net divinity (RicoX)
Posted
You must have fallen asleep at the lecture.

When you open up the volume your OS is on, the Finder window displays the root level of the drive. If you put anything into one of those folders, that object, i.e. file, folder or font, is not at the root level of that drive. It becomes part of the folder(s) it is in rather than the root level.

Now I am certain we have had Suitcase discussions before, so the last thing I would have suggested was to put your design fonts anywhere but the root level of the volume your OS is on, or place them on an entirely different volume, which I vaguely remember you doing in the past.

If you have your design fonts in any folder used by the OS, either User or System, move them to the root level of the drive your OS is on or an entirely different partition. You will probably have to point Suitcase towards the new location.

As for the word play on the "first OS X" trojan worm virus, it is largely part of the virus "protection" software companies' idea of how to generate revenue. The hype is generated by those companies. They want and need trojans, worms and viruses. If you looked at the employee list of these companies, the people on their payroll are most likely former trojan, worm and virus writers.
 
Posts: 5196 | Registered: Sat June 07 2003
Master Baiter (thalo)
Posted
OK, to humor you, I placed the folder in the root level. Same story. No improvement. I purged the app yet again, added all my fonts yet again (always crashes here unless I do it in small batches)... redid all my sets yet again.

Still dogshit slow, and still refuses to quit after about a day of use.

Yes, I used to put the fonts on a completely different drive. That was slower. Even though I set my hard drives never to spin down, there was a marked delay in retrieving font data from them. No idea why.

Look, as you know, I'm willing to try anything. But the conclusion that I keep running into is that OS X is a piece of crap, and a lot of the apps written for it can't really work around that fact.
 
Posts: 10664 | Registered: Thu May 01 2003
THALO.net divinity (RicoX)
Posted
No need to humor me. I am only trying to get your system working properly. It is hard enough troubleshooting when the machine is right in front of me. Over the internet does not make it easier.

I could look at this purely as an X-critic S.O.S. For example, you were convinced OS X is crap by using your Photoshop wiggle test. How long did you use that test? 2 years? 3 years? Every time OS X failed your Photoshop wiggle test. Then one day, I think it was the Mighty One, stepped in saying your wiggle test is flawed. He pointed out that checking or unchecking some preference in PHOTOSHOP was all that was needed to pass your test.

For all I know you have OS X beta code running on the Dual 2.7 by never doing a full install since then. Instead your system has baggage piggybacked from 2001. Correct me if I am wrong, but the first thing you did when you received the new Dual 2.7 was crash the system importing Seabiscuit's baggage.

If Suitcase is having problems importing your design fonts then when was the last time you ran FontDoctor on your design fonts folder?
 
Posts: 5196 | Registered: Sat June 07 2003
Master Baiter (thalo)
Posted
Hey, trust me, I know you are trying to help. Sorry, brother, for taking my frustrations out on you. I am only trying to get my system to work properly too.

This certainly could be an Extensis problem. But based on how poorly OS X performs --for me-- I have no trouble saddling some of the blame with it. If there's some little pref switch that screws me up, it's not intuitive enough for me to find. It's like Photoshop, where you have to ask if it makes sense to default the app in a way that underperforms. Or to put such a setting deep enough in the interface that people miss it. OR, to have an OS that behaves flaky enough that it either ignores, or sets prefs in a way that is screwed up. There's PLENTY of examples where that happens.

For instance, the aforementioned "spin down hard drives" checkbox. I swear I've heard hard drives spin down WHILE I WAS LOOKING at the unchecked box in that pref. I've had Quicktime completely disobey pref settings (play sound only in foremost window). I'm willing to admit part of this is me... but holy crap, OS X and apps for OS X don't make it easy. And they should. The whole idea of the OS and software is to make life easier. That it doesn't, is part of the big con-job.

I just saw a DVD called "The Corporation." You've gotta see it. It's a bit of a left-leaning documentary, but it really does show how corporations give a rat's ass about anything but the bottom line. There is no oversight on Apple to make software that works.

I used to go on and on about how they sold their soul... the way they USED to be on a mission, to make the Finder and so forth intuitive and usable for the average user...and therefore the average pro user. That seems to me to have gone completely out the window.

Something as important as font management is to pros, you'd think we'd be further along. And yet look at it. Have you tried to manage with Font Book? I have. Terrible. Simply doesn't work. Suitcase seems to be getting worse and worse with every OS X revision.

I diagnose my fonts with Font Doctor every time I troubleshoot this issue. And Extensis recognizes the issue... it's on their site as a known issue. But they tell you to trash prefs, which as I've said, is the same thing as saying "not fixed yet."

Until somebody can find the mistake I'm making that makes my font management life miserable, I have to assume it's a combination of OS X, and Extensis. Suitcase should be install and go go go. It should work. Every time I spend almost a hundred bucks on a revision, I expect it to work better. It doesn't. It's like giving these guys free money. And that's what I've objected to year after year.

Stuff should work. Software shouldn't be a constant battle. Not when you have top of the line hardware, and expensive software licenses. It's maddening when crap doesn't work. Absolutely maddening.

Blame the victim if you want. That's what X-Men often do. I really don't care. If I'm missing some geek detail that will make Suitcase work more consistently, I'll be the FIRST to do it and say I overlooked it. But I'm not a complete retard, and so far it's eluded me.

And so I think it's the way OS X deals with fonts in a pro setting. Because the only way I differ with average X-Men who DON'T have these headaches, is probably number of fonts.

The same way in the Finder my hell is probably a result of number of FILES. This platform is exceedingly pro unfriendly for many things that my biz hinges on. All I do is throw money at the problem, and STILL I watch things deteriorate over time. I'd have to say right now my install of Tiger is a mess. It feels like a mess. And all I've done, all, is work. I haven't hacked, or beta'd or anything but be a good little adopter... paid my licensing fees, upgraded every app to the latest version. And I continue to struggle. Performance continues to be unacceptable in key areas: Finder, Fonts, Interface.

Sick of it. Frustrated.
 
Posts: 10664 | Registered: Thu May 01 2003
THALO.net divinity (RicoX)
Posted
Your frustration is rightly justified.

The computer industry, hardware and software, all have us over a barrel. Look at this MacCentral follow up on the Leap-A trojan. The author and another person tried testing just what the malware (their term) does once you launch it. They could not get it to do anything. Ironically it was Intego, makers of VirusBarrier X4 anti-virus software, who helped them to get the malware to actually do what it is supposed to do. So the software company had to explain how to make it work. How insane is that?

I found this support page at Extensis. There is a PDF download linked on the page for a document titled: Fonts Best Practices Guide. From my experience the designers have 1,500 to 2,000 fonts to work with. I first set up the machines with the design fonts in their User Font folders. One older machine, an AGP G4 the typographer worked with, could not load the fonts set up this way. Suitcase would just spin and spin. I moved the fonts to the root level of the OS HD, which cleared this problem. I went back and set up all the other machines this way.

The only problems I have seen happen when too many fonts are opened at once. One designer had all the fonts open, which brought the machine to a crawl. That was on a Dual 1.8 machine. We are still running Panther. So in Panther there is a Suitcase bug that does not automatically hide Suitcase on start up. The only remedy is an AppleScript to hide Suitcase because it does not do it on its own.

FontBook when launched can import and duplicate fonts in the System which happened to my machine at home. This brought my machine to a crawl. FontBook dutifully showed all the conflicts it created.

We are still using Suitcase X11. It just took 5 or 6 weeks to receive an order for printer ink because of the bureaucracy I have to deal with so upgrading software comes low on the list.

There is other Font management software.

FontAgent Pro

MasterJuggler

I have never used or know anyone who uses either of these Font Management apps.
 
Posts: 5196 | Registered: Sat June 07 2003
© 2005 THALO.net