Mac Trojan Horse Discovered: Boonana/Koobface

Oct 27, 2010 - 10 Comments

A trojan horse has been discovered that affects Mac OS X users, dubbed “trojan.osx.boonana.a” or ‘Koobface.’ An infected machine will hijack users social network accounts and attempt to spread the trojan further by sending out spam messages from your username.

Thus far the trojan has been spread through Twitter, Facebook, MySpace, and eMail. Here is the method of operation:

The trojan behaves like a worm, by trying to bait users on various social networks to click a link. The link asks “Is this you in this video?” and, if clicked, will send a user to another website which attempts to load a Java applet, giving the user a standard Mac OS X Java Security Alert and certificate request.

mac trojan horse koobface

If the Java applet is allowed to load, it will download files to your local machine and then start a background process which attempts to propagate the trojan. You can simply click on “Deny” to prevent any further trouble, which prevents the malicious code from loading.

Intego explains the trojan as follows:

This threat is a Mac OS X version of the Koobface worm, which is served as part of a multi-platform attack via a malicious Java applet. The malware itself is made up of a number of elements, though in order to simplify, we will use the term β€œTrojan horse” to describe it. (Technically, it propagates as a worm, is installed via a Trojan Horse, and installs a rootkit, backdoor, command and control, and other elements.)

The trojan also effects Windows users. The easiest way for Mac and Windows users to protect themselves from the trojan is to avoid clicking dubious links from untrusted sources and to deny sketchy Java applets. Another option is to disable Java in your web browser.

If you are concerned that you have been affected by the Koobface trojan, you can get a free removal tool through SecureMac, who rates the risk as “Critical.” Currently the download link sends you to MacScan, but this is expected to change when the removal tool is released.

.

Related articles:

Posted by: Manish Patel in Mac OS, News, Security

10 Comments

» Comments RSS Feed

  1. […] piΓΉ interessante virus dello scorso anno Γ¨ stato senza dubbioΒ Koobface/Bonanna: durante la navigazione su alcuni siti web di social network, veniva installata un’applet Java […]

  2. […] Mac Trojan Horse Discovered: Boonana/Koobface […]

  3. […] the popularity of Macs growing the likelihood of viruses appearing increases. Just recently a new trojan called Boonana Koobface appeared that affects Mac users. If you’re concerned with getting a virus on your Mac, why […]

  4. RocRizzo says:

    OK, so it’s out there. Now if only someone had a way to remove it. A quick google search shows no way to remove this garbage from OSX.

  5. […] rozsiewany jest przez portale spoΕ‚ecznoΕ›ciowe i e-mail informacjΔ™ podaje za portalem osxdaily Mac Trojan Horse Discovered: Boonana/Koobface Cytuj […]

  6. Robin says:

    Meh, these are not a big deal. A much bigger security breach is Firesheep on wireless networks, THAT you should worry about.

  7. Stefano Lavori says:

    I do use myspace :)

  8. harvey says:

    This must be the least concerning trojan ever, does anyone actually click those spam links you see in facebook? come on

    and nobody uses myspace anymore

    • Gary says:

      Agreed. Even Intego considers this an extremely low risk

    • Sudhir says:

      It seems my Mac is infected, I got my email clogged with at least 20 ‘Mailer-Demon, could not deliver return emails.
      And my existing contact had an email from my address.
      I suspect the trojan has send emails from my id to all the contacts current and previous. The pervious perhaps explains the returns in my inbox!!! Annoyed to say the least!!!
      Dunno what I should do. as this has happened twice in last 4 days!
      There was flash installation request which I said ‘yes’ to; after a bit of hesitation, as I had a bug in my old Windows laptop! A hesitated, and then though, I got a Mac, so, it wont get infected….. it did though!
      Any advice would be appreciated to get the trojan out would be appreciated!!!

Leave a Reply

 

Shop on Amazon.com and help support OSXDaily!

Subscribe to OSXDaily

Subscribe to RSS Subscribe to Twitter Feed Follow on Facebook Subscribe to eMail Updates

Tips & Tricks

News

iPhone / iPad

Mac

Troubleshooting

Shop on Amazon to help support this site