toggle

AAPL Stock: 113.99 ( + 1.98 )

Printed from http://www.macnn.com

Intego classifies new Mac trojan threat as "minimal"

updated 01:35 am EDT, Tue November 2, 2010

Koobface/Boonana threat largely disabled, rare

Intego, a security company that makes Mac products for protecting against malware and other threads, followed up their initial report on the Trojan Horse threat they call "OSX/Koobface.A" and others call "Boonana," and labelled its risks as "minimal," saying that the original threat it might have posed had been largely disabled by community awareness and IRC support.

The company took the unusual step of criticizing its competitors for characterizing the malware as "critical," pointing out that the original trojan was flawed, and that actual Mac infections have been exceedingly rare (Intego does not report or count any Linux or Windows infections in their report; because the trojan is Java-based, the malware works on those platforms as well).

Although Intego admits that some of the conditions that caused them to dismiss the threat could change to present more of a danger, or open opportunities for variant threats to appear, they presently believe that the risk to Mac users is virtually non-existent, as the servers the trojan relies on contacting to spread itself have been identified, isolated (and in most cases were never working properly to start with).

Intego's follow-up reseach on OSX/Koobface.A showed that it did not run properly on Snow Leopard, and that both the presence of a Java alert and the appearance of an installer that asks for a user's administrative password to allegedly view a video that the user is said to appear in kept the odds of users installing the Trojan low. For those who have been infected, SecureMac offers a free removal tool which can be directly downloaded here.

The program also tries to contact various servers, including some IRC servers, all of which have been identified and all but one of which is presently off-line or blacklisted. The company believes that variants of this trojan horse will pose possible future threats, but critics counter that the company (and its competitors in the Mac arena) have a vested interest in fostering fear of security and virus threats against the Mac.




by MacNN Staff

POST TOOLS:

TAGS :

toggle

Comments

    Comment buried. Show
  1. wrenchy

    Joined: Dec 1969

    -23

    Here we go.


    Let's welcome all the new viruses and malware to the Mac platform.

    The new Mac ad: "We're no better than Windows... Only more expensive".

  1. chas_m

    Joined:

    +11

    You might try ...

    ... actually reading the article ...

    Trojans ≠ viruses.

    Malware (trickware particularly) has always been around. Macs still get 0.00001% of the amount of it that Windows users do.

    Even this one -- the most significant "threat" to come along in over a decade -- is essentially harmless, now disabled and with very little risk of anyone actually installing it. Some "threat."

    There's a reason why it's highly unlikely that there will ever be a real virus for OS X. But of course you're not sufficiently smart to understand why.

  1. dynsight

    Joined: Dec 1969

    +2

    Intego seems responsible

    Wow, nice to see a virus protection company speaking honestly about a threat, and commenting about other companies blowing things out of proportion.

    I will, based upon their reaction, look at their products... not saying I would buy it for my computer, but maybe my daughter's computer....

  1. Mr. Strat

    Joined: Dec 1969

    -1

    Hmmm

    Put this one down at the bottom of the FUD list with all the rest.

  1. IxOsX

    Joined: Dec 1969

    +2

    To Wrenchy the buried

    @Wrenchy: Windows people, usually became so happy when something happens on OSX, or on others Unix systems, or on Linux systems. Even this Trojan in OSX is a low danger treat that could be easily extinguish. In Windows we have thousands, I don't know even the real number. But if you "Only Windows" people want to have the some security that OSX or others systems have, you have to leave the Windows Kernel and change all the way it works, or maybe leave Windows Kernel and migrate to Unix or Linux based Kernel.

    Do not take me wrong, there is no system bullet prof. But are ones made to work on network since the kernel, and others like MS Windows made to interact with everything without security and network concerns. MS Windows had improved a lot his security in lots aspects, I know that, but the Windows Kernel is the some c*** since he was created. But that is just my vision of things.

  1. testudo

    Joined: Dec 1969

    -2

    Re: You might try ...

    Malware (trickware particularly) has always been around. Macs still get 0.00001% of the amount of it that Windows users do.

    Which just shows that the malware writers still don't see a benefit to making Mac software. Probably due to its low marketshare (as trickware is more social engineering than OS flaw).

    Even this one -- the most significant "threat" to come along in over a decade --

    And who came up with that statement? There've been better threats to OS X this decade (root kits, for example).

    is essentially harmless, now disabled and with very little risk of anyone actually installing it. Some "threat."

    I didn't realize it was disabled. The IRC servers it was trying to contact have been blacklisted, but that's the same stuff they do for Windows viruses. The only other way it's been 'disabled' is the stated 'community awareness', which I have no idea who they're talking about.

    There's a reason why it's highly unlikely that there will ever be a real virus for OS X. But of course you're not sufficiently smart to understand why.

    There's a reason for that. Because nobody wastes their time with 'real viruses' anymore. A real virus consists of an infected file that is transmitted to another person, who then ends up infecting other files (usually after the original is opened, but not necessarily).

    What most Mac people think of when they say 'virus' is a worm, because they all seem to want something that will spread over the internet without any user interaction. (The 'you get infected, then you try to find others to infect' type of malware).

    Most of the 'viruses' that people jabber on about on Windows are all just malware c*** and trojans, as well. Only a few are worms. But no one distinguishes between them.

  1. testudo

    Joined: Dec 1969

    -1

    Oh

    One other thing. It is quite simple to get someone to run a trojan or malware to perform all sorts of actions on your computer. The part where the malware writers s**** up is trying to get the root access instead of sitting in the user space. But then that would be discounted as a real 'threat' because it wouldn't have access to the system files, and apparently that's the only way to be called a threat.

Login Here

Not a member of the MacNN forums? Register now for free.

toggle

Network Headlines

toggle

Most Popular

MacNN Sponsor

Recent Reviews

DoxieGo Portable Scanner

Sometimes, people need to scan things, but having a computer at hand to do so isn't exactly feasible. Maybe it's the home of a relat ...

Dell AD211 Bluetooth speaker

For all of the high-priced, over-engineered Bluetooth speakers in the electronics market, there is still room for mass-market solution ...

VisionTek 128GB USB Pocket SSD

USB flash drives dealt the death blow to both the floppy and Zip drives. While still faster than either of the old removable media, sp ...

toggle

Most Commented