Two versions of this Trojan horse exist. As soon as it discovered the threat, the Intego Virus Monitoring Center developed updated virus definitions and released them on February 14, 2006, ensuring that VirusBarrier X and VirusBarrier X4 eradicate the Oompa-Loompa Trojan horse. All Intego VirusBarrier X and VirusBarrier X4 users should make sure that their virus definitions are up to date by using the NetUpdate preference pane in the Mac OS X System Preferences.
Initially appearing in a compressed file called latestpics.tgz, this Trojan horse appears, once decompressed, to be a graphic file. When a user double-clicks it, expecting to see a picture, the program inserts a file called apphook.bundle in the user's InputManagers folder, which then ensures that it is replicated in all other Cocoa applications the user launches. Using Spotlight, the Trojan horse searches for the four most recently used applications, then infects them. The apphook.bundle Input Manager attempts to send a copy of the original file, latestpics.tgz, to every person on a user's iChat buddy list. Since users see this file coming from friends and colleagues, they are inclined to assume that it is safe, and therefore double-click the file a first time to decompress it, and a second time to attempt to "view" it.
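The artifacts named above can be checked for by hand. The following shell sketch is an added example, not Intego's code or part of VirusBarrier; only the names `apphook.bundle`, `InputManagers` and `latestpics.tgz` come from this page, while the `Library/InputManagers` location under each home directory, the function names and the output labels are assumptions of the example.

```shell
#!/bin/sh
# Added example: look for the artifacts named in the advisory.
# Function names and output labels are hypothetical.

# Print one finding per line for a single home directory ($1).
scan_home() {
    home=$1
    im_dir="$home/Library/InputManagers"   # assumed per-user location
    if [ -d "$im_dir" ]; then
        for entry in "$im_dir"/*; do
            [ -e "$entry" ] || continue     # empty folder: glob matched nothing
            # Compare case-insensitively; Mac volumes are usually case-insensitive.
            lname=$(basename "$entry" | tr 'A-Z' 'a-z')
            if [ "$lname" = "apphook.bundle" ]; then
                echo "INFECTED $entry"
            else
                # Other Input Managers are also loaded into the user's
                # applications, so list them for manual review.
                echo "REVIEW $entry"
            fi
        done
    fi
    # The original archive may still be present anywhere in the account.
    find "$home" -type f -iname 'latestpics.tgz' 2>/dev/null |
    while IFS= read -r f; do
        echo "ARCHIVE $f"
    done
}

# Scan every home directory under a root such as /Users ($1).
scan_all_homes() {
    for h in "$1"/*; do
        [ -d "$h" ] || continue
        scan_home "$h"
    done
}

# Run only when a root directory is passed on the command line.
if [ "$#" -gt 0 ]; then
    scan_all_homes "$1"
fi
```

An `INFECTED` line means the Input Manager described above is installed for that account; an `ARCHIVE` line alone means the file was received but not necessarily opened.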