InqTana Bluetooth Worm member Kevin has published a paper
detailing the techniques he used in the development of the InqTana
Bluetooth worm that targets vulnerable Mac OS X systems. There has been
significant confusion surrounding this worm, so here are some salient

  • The concurrent release of the OS X Leap.A and InqTana.A worms is coincidental
  • There is no conspiracy, AV vendors and Apple were notified about
    Kevin's progress in developing this worm in advance of making details
    publicly available
  • Both 10.3 and 10.4 systems are vulnerable until patched with APPLE-SA-2005-05-03 and APPLE-SA-2005-06-08
  • InqTana prompts before infecting *by design*, Kevin was just trying to be nice, but the worm could easily spread silently

Kevin's paper is available at Comments can be directed to the BlueTraq
mailing list. Our sympathies to those organizations who were affected
by the false-positive signatures published by overzealous AV companies.

From the


Author: Xavier Ashe

Entrepreneur, Infosec Executive, CISSP, CISM, Ironman triathlete, traveler, UU, paleo, father of 8, goyishe, gamer, & geek.

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )


Connecting to %s