Printed from http://www.macnn.com

Variant of "Boonana"/"Koobface" trojan surfaces

updated 03:10 am EDT, Thu November 4, 2010

Collects user info; removal tool available

The SecureMac team, along with ESET Security, has identified a new variant of the trojan horse malware they call "Boonana" (Intego and other firms refer to it as a form of the Windows trojan "Koobface," for reasons SecureMac disputes) that uses even crueler trickery in an attempt to convince users to install it. In addition, the companies have identified new servers actively collecting keylogged data such as user names and passwords. Though infection is easy to prevent, and easy to remove if it occurs, the refined setup and misleading nature may fool novice users.

Now called trojan.osx.boonana.b, the variant, like its predecessor, can run on all three major platforms because it exploits a multi-platform vulnerability in Java. Turning off Java in the web browser is an effective way to prevent the trojan from even trying to install, but users should also be suspicious because, although it advertises itself as a video, the trojan asks for the administrative password in order to install itself.

The new version may appear as a message on Facebook or other social networks, or as an email, and in some cases advises the recipient that "as you are on my friends list, I thought I would let you know I have decided to end my life. For reasons that will be clear please visit my video on this site. Thanks for being my friend. :(" with a link to a video (purported to be on YouTube or Facebook or other popular video sites).

If the user clicks the link, a Java applet installer is launched asking for administrative access and to "allow" other applets from the same server. Should the user still go forward, SecureMac says "the installer then modifies system files to bypass the need for passwords, allowing outside access to all files on the system. Additionally, the trojan sets itself to run invisibly in the background at startup, and periodically checks in with command and control servers to report information on the infected system. While running, the trojan horse hijacks user accounts to spread itself further via spam messages." The company has identified a total of three sites updating the code of the variant and collecting information from the infected machines.
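The two behaviours above, a Java applet in the browser as the entry vector and a startup entry as the persistence mechanism, suggest a simple defender-side audit. The script below is an added example, not code from SecureMac, ESET, or this article: it lists every launchd startup item on a Mac, flags entries whose program lives in a temp directory, a hidden folder, or the user's home (unusual places for a legitimate agent), and reports whether Safari still has Java enabled. The sample .plist files are constructed for the demonstration; the real trojan's file names and labels are not on this page and none are guessed here, and `WebKitJavaEnabled` is assumed to be the Safari preference key of that era.

```shell
#!/bin/sh
# Defender-side audit for the two behaviours described above: the trojan arrives
# as a Java applet in the browser and persists by running at startup. This checks
# launchd's startup directories for entries whose program lives somewhere a
# legitimate agent rarely does, and reports Safari's Java setting on a Mac.
# Sample .plist files below are constructed; no real trojan file names are used.

# Directories launchd reads at boot/login on Mac OS X.
LAUNCH_DIRS="/Library/LaunchAgents /Library/LaunchDaemons ${HOME:-/nonexistent}/Library/LaunchAgents"

# Print the first <string> value that follows <key>KEY</key> in a plist file.
# Plain-text parse so the script also runs on non-Mac hosts without plutil.
plist_value() {
    sed -n "/<key>$1<\/key>/,/<\/string>/p" "$2" \
        | sed -n 's/.*<string>\(.*\)<\/string>.*/\1/p' | head -n 1
}

# Program paths under temp dirs, hidden folders, or the user's home are unusual
# for a startup item and worth a closer look.
is_suspicious_path() {
    case "$1" in
        /tmp/*|/private/tmp/*|/var/tmp/*|*/.*|"${HOME:-/nonexistent}"/*) return 0 ;;
        *) return 1 ;;
    esac
}

# List every .plist in DIR as "ok" or "FLAGGED" with its label and program.
audit_launch_dir() {
    adir="$1"
    [ -d "$adir" ] || return 0
    for plist in "$adir"/*.plist; do
        [ -f "$plist" ] || continue
        label=$(plist_value Label "$plist")
        program=$(plist_value ProgramArguments "$plist")
        [ -n "$program" ] || program=$(plist_value Program "$plist")
        if is_suspicious_path "$program"; then
            echo "FLAGGED $plist label=$label program=$program"
        else
            echo "ok      $plist label=$label program=$program"
        fi
    done
    return 0
}

# Number of flagged entries in DIR (0 when the directory does not exist).
count_flagged() {
    audit_launch_dir "$1" | grep -c '^FLAGGED' || true
}

# On a Mac, show whether Safari still runs Java applets. WebKitJavaEnabled is
# assumed here to be the Safari preference key of that era.
check_safari_java() {
    if command -v defaults >/dev/null 2>&1; then
        defaults read com.apple.Safari WebKitJavaEnabled 2>/dev/null \
            || echo "Safari Java preference not set explicitly"
    else
        echo "defaults(1) not found; not a Mac host"
    fi
}

# Constructed sample directory: one benign agent and one that runs from a
# hidden folder under a user's home, as a startup trojan would.
make_sample_dir() {
    sdir=$(mktemp -d)
    cat > "$sdir/com.example.benign.plist" <<'EOF'
<plist version="1.0"><dict>
  <key>Label</key>
  <string>com.example.benign</string>
  <key>ProgramArguments</key>
  <array><string>/usr/bin/true</string></array>
  <key>RunAtLoad</key><true/>
</dict></plist>
EOF
    cat > "$sdir/com.example.updater.plist" <<'EOF'
<plist version="1.0"><dict>
  <key>Label</key>
  <string>com.example.updater</string>
  <key>ProgramArguments</key>
  <array><string>/Users/victim/.cache/updater</string></array>
  <key>RunAtLoad</key><true/>
</dict></plist>
EOF
    echo "$sdir"
}

# Audit the real launchd directories (empty output on a non-Mac host), then the sample.
for real_dir in $LAUNCH_DIRS; do audit_launch_dir "$real_dir"; done
check_safari_java
SAMPLE_DIR=$(make_sample_dir)
audit_launch_dir "$SAMPLE_DIR"
rm -rf "$SAMPLE_DIR"
```

Run it as the affected user; a FLAGGED line is a prompt to inspect the plist and the program it points to, not proof of infection, since some legitimate software also installs per-user agents. The path heuristic is deliberately simple: what matters is that a startup entry the user never knowingly created is visible at all.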

SecureMac says that as of yesterday the malware servers were still up and running, increasing the risk that this variant will spread more successfully than the previous version, which was malformed and never carried much risk of succeeding in its attacks. SecureMac offers a free removal tool, which requires Mac OS X 10.5 or higher (manual removal instructions for users on earlier systems are included).

[Details on the wording of the variant and graphic via ESet Security]






by MacNN Staff


Comments

  1. wrenchy

    Joined: Dec 1969

    -30

    Here come the viruses.


    Welcome to the world of Anti-Virus and malware protection Mac Fans. You want increased market share for OSX? Then you'll have to deal with the rest of the baggage.

    Where's the smugness now? It's only going to get worse from here.

    If an iPad can get hacked from clicking a button on a website, what else can happen??

    Suck it iBoys.

  1. Hillbilly Geek

    Joined: Dec 1969

    +10

    gee, wrenchy

    you sound... tense. Take an Apple, it's good for the digestion.

  1. facebook_Michael

    Via Facebook

    Joined: Nov 2010

    +9

    these attacks only work on simple-minded...

    folk who have no clue.

    Nothing can protect them from social engineering attacks like this.

    @wrenchy, this isn't even close to the tons of c*** that can attack Windows.

  1. nitram_again

    Joined: Dec 1969

    +2

    Turn off Java

    I went to turn off Java in Safari only to discover I'd done it already some time ago. No ill effects noted so far.

  1. MacnnReader

    Joined: Dec 1969

    +7

    Wrenchy is a bitter boy

    The fact that I can get malware on Windows without doing anything but go to a compromised web site is not my fault. The fact that I can only get malware on a Mac by putting in my admin password is not my fault. Go home and get some therapy, dude.

  1. MacScientist

    Joined: Dec 1969

    0

    Although there appears to be not much here,

    the most important question is sidestepped. That question is "Is there any evidence that this Java malware can do anything on a Mac if it is properly installed."

  1. testudo

    Joined: Dec 1969

    -8

    @Michael

    these attacks only work on simple-minded...folk who have no clue.

    Nothing can protect them from social engineering attacks like this.


    Right. Just like most of the attacks on Windows. But most Mac users skip over that fact...

  1. Mr. Strat

    Joined: Dec 1969

    +2

    Let the myths continue

    Here we go again...as Macs become more popular...yada...yada...yada...

    It ain't about market share. It's about how S***** Windows is designed.

    I take the same stance as before on this one - Ooooo...I'm scared!

  1. IxOsX

    Joined: Dec 1969

    +1

    Wrenchy the buried

    @Wrenchy: It is nice to see that "Windows only" people exist who use these forums. By the way, do you have any OS X machine? Just curious. But there is one thing I advise you before you speak about viruses and security on non-Windows systems: learn some computer architecture and kernel security. After that, check the global picture and reach an exempt conclusion. If you keep your words, then you have a big problem.

  1. charlituna

    Joined: Dec 1969

    +1

    i wonder

    what this new one click facebook login 'feature' will do to help out such sites. Because right now I can change my facebook log in and lock out such malware. But as I understand it, with this new feature, if I do that, it will change for everything I ever logged in. Hopefully there are details that haven't been explained that cover how they are preventing such attacks. Not that I would fall for them but I can't say that about my family (especially my mother)
