Ambrosia Software and Intego identified Oompa-Loompa, consisting of a compressed malicious application, masquerading as a JPEG file.

For Oompa-Loompa to do damage a user must decompress the file, open the fake JPEG, and enter their administrator password.

F-Secure’s offering is a concept worm they created, called OSX/Inqtana.A and takes advantage of a security hole in 10.4.1 already patched by Apple.

The OSX/Inqtana.A requires the user to accept 3 separate Bluetooth file transfers.

In other words, much ado about nothing.

No system can be infected without multiple decisions on the part of the user.

Correction:

I am curious about one thing, F-Secure doesn’t offer a Mac product, so why are they writing and publishing demonstration worms?

My mistake, I misunderstood the article. F-Secure did NOT produce OSX/Inqtana.A as a proof of concept. They just seem to be the first to jump on the bandwagon this week.