Critical security risk posed by new ‘Boonana’ Trojan horse for OS X – CNET (blog)
A new Trojan horse malware that affects Mac OS X has been uncovered by Macintosh Security site SecureMac. The Trojan is called "trojan.osx.boonana.a" and is being disguised as a video and distributed through social-networking sites like Facebook.
The Trojan horse appears as a link on people's Facebook pages that may have the text "Is this you in this video?" in the link. When the link is clicked, the Trojan will run a Java applet that will download other files to the computer and run an installer automatically.
The Trojan will run in the background and appears to report system information to servers on the Internet, which can be a big breach of personal information. The Trojan also will attempt to spread itself by sending messages from the user account to other people through spam e-mail messages.
As with most Trojans, this will require you to enter your password to install the software and make modifications to the system, so be sure you never supply your password unless you specifically open an installer file and know and trust where that installer came from.
Unlike others in the past, this current Trojan was built in Java, and is cross-platform compatible so it can run in both Windows and in multiple versions of OS X, including the latest Snow Leopard release.
Expect antivirus and malware scanner software companies to release updated malware definitions to tackle this threat, but meanwhile be sure to verify with your friends that videos on their social media sites are legitimate. Additionally, if you run a video from an e-mail or Facebook site and it asks for a password, do not supply it with anything, quit the installer, and remove the video from your system.
The installer cannot do anything to your system if you do not supply your password, so unlike a virus that can self-propagate, this should be relatively easy to remove by just deleting the file. Once the Trojan is installed, however, removing its components will be a lot more difficult.
SecureMac has a removal tool for people who have installed this Trojan, so if you are unsure about whether your system is compromised, then we recommend you run the removal tool to be on the safe side: SecureMac Trojan Removal Tool.
For more information on this new threat, see the SecureMac Boonana security bulletin.
UPDATE: Security firm Intego has released a security bulletin of its own, mentioning they have been monitoring this threat for a while; In contrast to the bulletin by SecureMac, they call the threat level posed by this trojan relatively low given its flawed implementation in OS X. Nevertheless, it has potential to be developed into a more serious threat, so people should be aware of it and avoid it.
Questions? Comments? Have a fix? Post them below or e-mail us!
Be sure to check us out on Twitter and the CNET Mac forums.
Topher, an avid Mac user for the past 15 years, has been a contributing author to MacFixIt since the spring of 2008. One of his passions is troubleshooting Mac problems and making the best use of Macs and Apple hardware at home and in the workplace.
This entry passed through the Full-Text RSS service — if this is your content and you're reading it on someone else's site, please read our FAQ page at fivefilters.org/content-only/faq.php
Five Filters featured article: Beyond Hiroshima - The Non-Reporting of Falluja's Cancer Catastrophe.
