On the evening of the 13th, an unknown user posted a link to a file on MacRumors Forums claiming to be the latest Leopard Mac OS X 10.5 screenshots. The file was named "latestpics.tgz"
The resultant file decompresses into what appears to be a standard JPEG icon in Mac OS X but is actually a compiled Unix executable in disguise. An initial disassembly (from original discussion thread) reveals evidence that the application is a virus or was designed to give that impression. Routines listed include:
The exact consequences of the application are unclear, but according to the users that originally executed the application have noted that it appears to self propogate:
If anyone remembers last night, when lasthope spread that picture that opened in terminal. I just turned on my other computer and it said it had an incoming file, from my computer, which was the latest pics file. Any help. I have already secure deleted it off of my harddrive, but how do i know that it will not come back.
Andrew Welch who had done some of the initial disassembly is posting updates to this thread.
According to the initial investigation, the application uses Spotlight to find the other applications on the infected machine and subsequently inserts a stub of code into each application executable.
Forum Cowmunity Leader: OSX
Forum Cowmunity Leader: Indie & Doc
Search your drives for this file "latestpics.tgz" If you find it, don't launch it, just delete it. I wouldn't worry to much about finding it/downloading it online by accident at this point. I don't think you could find it even if you tried.