1. Technology
You can opt-out at any time. Please refer to our privacy policy for contact information.

Leap.A aka Oompa-Loompa virus


IMPORTANT NOTE: The Leap.A worm has no similarities and is not related to March 2007 reports of the oompa loompa song repeatedly playing on Windows PCs. For details and a fix of the Oompa Loompa song on startup problem, see the "Oompa Loompa Song on Startup" entry. The following description is of the MacOSX Leap.A worm:

Leap.A, aka Oompa-Loompa Virus

Also known as:

Oompa-Loompa, OSX/Oomp-A, Leap.A, CME-4, MacOS/Leap, MacOS/Leap!tgz, OSX.Leap.A, OSX/Leap


iChat worm and Mac OS X 10.4 virus


Mac OS X 10.4 (Tiger) running on PowerPC processors


February 14, 2006


The Leap.A (aka Oompa-Loompa) infects applications in Mac OS X 10.4 (Tiger) running on PowerPC processors. Upon infection, Leap.A (aka Oompa-Loompa) sends itself to the infected user's contacts via iChat.
The sent attachment is named latestpics.tgz. The extracted latestpics.tgz file contains latestpics, which appears to have a .jpg icon. In reality, the icon is being faked by a second, hidden file, named _latestpics.

Impact of Infection:

Leap.A installs itself differently depending on the rights of the logged in user. If the user is logged in as an administrator, Leap.A installs itself to the /Library/InputManagers/ directory.

If the user is not logged in as admin and does not have root permissions, the Leap.A virus will install to the ~/Library/InputManagers/ directory.

In either case, the files installed/replaced are:


The Leap.A worm has also been dubbed Oompa-Loompa because it assigns the following extended attribute to application files it infects:

name: oompa
value: loompa

  1. About.com
  2. Technology
  3. Antivirus Software

©2014 About.com. All rights reserved.