updated 01:35 am EDT, Tue November 2, 2010
Koobface/Boonana threat largely disabled, rare
Intego, a security company that makes Mac products for protecting against malware and other threats, followed up their initial report on the Trojan Horse threat they call "OSX/Koobface.A" and others call "Boonana," and labelled its risks as "minimal," saying that the original threat it might have posed had been largely disabled by community awareness and IRC support.
The company took the unusual step of criticizing its competitors for characterizing the malware as "critical," pointing out that the original trojan was flawed, and that actual Mac infections have been exceedingly rare (Intego does not report or count any Linux or Windows infections in their report; because the trojan is Java-based, the malware works on those platforms as well).
Although Intego admits that some of the conditions that caused them to dismiss the threat could change to present more of a danger, or open opportunities for variant threats to appear, they presently believe that the risk to Mac users is virtually non-existent, as the servers the trojan relies on contacting to spread itself have been identified and isolated (and in most cases were never working properly to start with).
Intego's follow-up research on OSX/Koobface.A showed that it did not run properly on Snow Leopard, and that both the presence of a Java alert and the appearance of an installer that asks for a user's administrative password to allegedly view a video that the user is said to appear in kept the odds of users installing the Trojan low. For those who have been infected, SecureMac offers a free removal tool which can be directly downloaded here.
The program also tries to contact various servers, including some IRC servers, all of which have been identified and all but one of which are presently off-line or blacklisted. The company believes that variants of this trojan horse will pose possible future threats, but critics counter that the company (and its competitors in the Mac arena) have a vested interest in fostering fear of security and virus threats against the Mac.