
Sophos False Alarm - OS/X


emurphy1
02-21-2006, 10:59 AM
You may be seeing instances of Sophos finding lots of infections on OS X machines. We (OSCR staff) have been investigating this and have come to the conclusion that Sophos is producing false positives.

If you think a machine is infected with one of the Inqtana worms, open Terminal and do a 'locate' for the following files. If you do not find these files, then the machine is not infected. It is also important that you do not follow Sophos' advice and delete the "infected" files. Deleting these important application files will most certainly cause many headaches for the average Mac user.

Inqtana-B:
applec0re.tgz
environment.plist
pwned.dylib

Inqtana-A:
w0rm-support.tgz
com.openbundle.plist
com.pwned.plist

To keep running Sophos (getting updates, scanning for infections, etc.) without allowing it to cripple legitimate, clean applications, change the Sophos preferences so that it takes no action upon finding infected files. To do this, open the Sophos client -> Preferences -> Disinfection -> uncheck the box "Action Infected Files".

Finally, both of these worms spread via Bluetooth. I am seeing reported infections on my OS X desktop which has no bluetooth devices....hmmmmm?
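The file check described in the post above, as an added example that is not part of the original post or of any Sophos tooling. It searches a directory tree for the six Inqtana indicator filenames listed above and reports whether any exist. It uses find(1) rather than locate(1), because locate consults a periodically rebuilt database that can miss files created since the last rebuild; the directory root is an assumed parameter, and the script defaults to `/`. One caveat a practitioner would want: a file named environment.plist by itself can be legitimate (`~/.MacOSX/environment.plist` is a normal OS X user file), so a single hit on that name should be confirmed by hand before anything is removed.

```shell
#!/bin/sh
# Added example (not from the original post): look for the Inqtana
# indicator filenames listed in the thread under a directory tree.
# Uses find(1) instead of locate(1) so the result does not depend on a
# possibly stale locate database.
#
# Usage: sh check_inqtana.sh /          (exit 0 = nothing found, 1 = hits)

INQTANA_B_FILES="applec0re.tgz environment.plist pwned.dylib"
INQTANA_A_FILES="w0rm-support.tgz com.openbundle.plist com.pwned.plist"

# Print every path under $1 (default /) whose basename is one of the
# indicator names. Permission errors from find are silenced.
find_inqtana_indicators() {
    root="${1:-/}"
    for name in $INQTANA_B_FILES $INQTANA_A_FILES; do
        find "$root" -name "$name" 2>/dev/null
    done
}

# Return 0 when no indicator file exists under $1, 1 when at least one does.
# Note: environment.plist alone can be a legitimate user file
# (~/.MacOSX/environment.plist), so verify hits manually before deleting.
check_inqtana_indicators() {
    hits=$(find_inqtana_indicators "$1")
    if [ -z "$hits" ]; then
        echo "No Inqtana indicator files found under ${1:-/}; do not let Sophos delete anything."
        return 0
    fi
    echo "Possible Inqtana indicator files found (verify before removing):"
    echo "$hits"
    return 1
}

# Only scan when a root directory is given on the command line, so that
# sourcing this file does not trigger a full filesystem walk.
if [ $# -gt 0 ]; then
    check_inqtana_indicators "$1"
fi
```

On a machine that Sophos flagged, run it against `/` as root and compare the output with what Sophos reported: if the script finds none of the six names, the Sophos detections are hitting ordinary application files, which matches the false-positive conclusion above.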

begay
02-21-2006, 11:18 AM
Update your Mac OS X SOPHOS IDEs again.

According to SOPHOS: "It's probably a false positive in the detection. We are going to pull that detection until we can correct the matter."

After updating the IDE files, there is no problem. SOPHOS must have written an incorrect IDE file.