THOMPSON

February 16, 2006

Mac OS X Worm Alert!

Filed under: Mac, Technical — Sean @ 8:49 pm

A worm known as Leap-A, also known as Oompa-A, is the first worm known to be capable of infecting Mac OS X. It was first reported in a MacRumors.com forum on Feb. 13th. It spreads through the iChat instant messaging system by forwarding itself as a file called latestpics.tgz to contacts on the infected user’s buddy list. When launched, it can damage software applications and the operating system. OSX/Leap-A (or OSX/Oomp-A) is not particularly menacing and is classified by most as non-threatening. Apple has yet to comment. Check out these other links for more info:


August 18, 2005

Server Hang Time?

Filed under: Technical — Sean @ 11:00 pm

Is your server operating a bit slowly? Does your browser freeze when connecting to the internet? Is your Symantec Norton Anti-Virus Corporate software not updating? Are you running APC PowerChute?
Chances are the former are connected to the latter. I recently came across a client’s server that was running the Windows 2000 Server operating system and had the aforementioned symptoms. These symptoms just so happened to present themselves shortly after the discovery of the Zotob viruses. Everything seemed to check out fine with the server; all scans produced no malicious creatures.
“Why will it not connect to the internet with Internet Explorer? Why does it seem to hang for a very long time when I try to access the control panel?”
After very extensive sleuthing and various technical support phone calls, the problem was narrowed down to two specific processes directly related to APC PowerChute: “pbeserver.exe” and “pbeagent.exe”.
Whew! What a relief! I was sure it was some kind of new virus that would not be immediately removable and the lengthy, tedious process of completely rebuilding the server would have to commence.
Believe it or not, the solution to my dilemma was actually publicly posted on APC’s website on June 27, 2005. You can find it here. Apparently “due to the expiration of the Sun Java Runtime Environment certificate for versions 6.x of PowerChute Business Edition, it will cease to operate normally as of July 27, 2005. Failure to upgrade will result in PowerChute Business Edition no longer providing monitoring and graceful shutdown of your system” among other things.
Problem solved! Good luck!


August 17, 2005

Zotob Virus Alert!

Filed under: Technical — Sean @ 1:00 pm

The Zotob worm and several variations (Rbot.cbq, SDBot.bzh and Zotob.d) infected a number of computers over the weekend.

The worms spread over TCP port 445, which is associated with Windows file sharing, and take advantage of the Plug and Play system bug to seize control of the operating system. Infected computers are then able to attack other systems. These viruses also disable the Windows Update service.
Microsoft released a “critical” patch for the vulnerability a week ago, highly recommended for computers running Windows 2000 operating systems. Those computers can be accessed remotely through the operating system’s “Plug and Play” hardware detection feature. Protective patches and instructions for cleansing infected systems are available on the company’s web site.
