According to this it is more severe than initially thought. While it still can't dig into your operating system, it can infect user-owned applications, and it does send itself to anyone in your buddy list. There is no payload- but it will prevent infected apps from launching.
The moral of the story? Regardless of what OS you use, when somebody sends you a zipped file and claims it's a picture, it PROBABLY ISN'T. Like most OSes, OSX hides file-name extensions for known types by default. From the Finder menu, if you go into Preferences, on the Advanced tab, you can check the box "Show all file extensions", which, while not a fix, does protect you if you read the file extension. The icon of the application was set to look like an image icon, but if you see an extension that is different (or no extension, which is what you'd see on a Unix executable), unless you know and trust the source, don't open it. If you're not sure, select the file and type i, and an info window appears that TELLS YOU whether or not the file is an executable.
This virus only infects files that are not owned by root. The following steps prevent that infection from occurring, but are COMPLETELY UNNEEDED if you remember to check the content of strange downloads to ensure that they are the file they claim to be. The following will make it more difficult to update and modify your applications, and may break compatibility with the OSX Software Update tool.
To prevent files from being infected, go into a Terminal (Available in /Applications/Utilities) and type the following:
All of your apps will be listed, and the first few characters of each line will look like this: "drwx...". Those are the file-system permissions: ensure that EVERY APP IN THERE has either the letter "d" or a "-" as the first character. If you see anything else, this is a potentially unsafe fix: it means that the SUID bit may be set, and the next step will be DANGEROUS.
Once you've ensured that the SUID bit is NOT SET, type the following:
sudo chown root *
It will prompt you for a password, the one associated with your user account will do.
cd Utilities and repeat the same process as above, starting with the
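As an added example (not part of the original post), here is a small shell function that runs the permission check above over an ls -l listing before you chown anything. It accepts an entry when its mode string starts with "d" or "-", as the post says, and additionally flags an "s" or "S" in the owner or group execute slot, which is where ls -l actually shows a setuid or setgid bit; the listing it runs on is constructed sample input, not output from a real machine.

```shell
# Added example (not from the original post): audit an `ls -l` listing of an
# application folder before running `sudo chown root *` on it.
# An entry passes when its mode string starts with "d" or "-" (the post's check);
# an "s"/"S" in the owner (4th) or group (7th) slot marks setuid/setgid and is
# reported as UNSAFE. Anything else ("l" for a symlink, etc.) is reported as CHECK.

# Reads listing lines on stdin, prints one line per flagged entry,
# returns 0 when nothing was flagged and 1 otherwise.
audit_listing() {
    status=0
    while IFS= read -r line; do
        case "$line" in
            ""|total\ *) continue ;;      # skip blank lines and the "total N" header
        esac
        mode=${line%% *}                  # first whitespace-separated field is the mode string
        case "$mode" in
            ???[sS]*|??????[sS]*)
                printf 'UNSAFE (setuid/setgid bit set, do not chown): %s\n' "$line"
                status=1 ;;
            d*|-*)
                ;;                        # plain directory (app bundle) or plain file: fine
            *)
                printf 'CHECK (not a plain file or directory): %s\n' "$line"
                status=1 ;;
        esac
    done
    return "$status"
}

# Constructed sample listing in `ls -l` format (not real output from any machine).
SAMPLE_LISTING='total 0
drwxr-xr-x   3 alice  staff  102 Feb 16  2006 Address Book.app
drwxr-xr-x   3 alice  staff  102 Feb 16  2006 iChat.app
-rwsr-xr-x   1 alice  staff  512 Feb 16  2006 helper-tool
lrwxr-xr-x   1 alice  staff   11 Feb 16  2006 Shortcut -> /tmp/somewhere
drwxr-xr-x   5 root   wheel  170 Feb 16  2006 Utilities'

# Usage: audit the sample; on a real Mac you would pipe `ls -l /Applications` in instead.
printf '%s\n' "$SAMPLE_LISTING" | audit_listing || echo 'Review the flagged entries before running chown.'
```

Note that chown without -R changes the owner of the .app directory itself only, not the files inside the bundle.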
That will prevent it from infecting any of those applications. This will also prevent you, as a normal user, from updating or modifying those applications, since they are owned by root, which prevents changes to them. The only way to change that back is to go into the terminal, cd to the appropriate directory, and sudo chown YOUR_ACCOUNT_NAME APP_NAME.
This is a simple fix to prevent infection, but simply DON'T click on strange attachments until you have checked the file type, and you shouldn't need to do this.