updated 05:40 pm EDT, Wed October 27, 2010
Hides as a video via social networking, email
SecureMac and Intego, among other security firms, today alerted the Mac community to a new Trojan threat, trojan.osx.boonana.a (Intego gives it the name OSX/Koobface.a), which is spreading via social networking sites like Facebook and e-mail. The trojan appears as a link in messages with the subject "Is this you in this video?", and when users click on the link, a Java applet downloads an installer, which modifies system files to bypass passwords and other protections.
Boonana affects both Mac OS X and Windows, and sets itself up to run invisibly in the background at next startup, allowing outside access to files. It periodicially checks in with servers and spreads itself via further spam messages. Mac users are advised to disable Java on their web browsers and avoid clicking email links that claim to point to videos.
Although this is not the first trojan for the Mac to take advantage of exploits in browser Java, this is a rare instance of one that works on both major platforms simultaneously. SecureMac has released a free removal tool, directly downloaded here.