Mac Trojan Horse Discovered: Boonana/Koobface
A trojan horse has been discovered that affects Mac OS X users, dubbed “trojan.osx.boonana.a” or ‘Koobface.’ An infected machine will hijack users social network accounts and attempt to spread the trojan further by sending out spam messages from your username.
Thus far the trojan has been spread through Twitter, Facebook, MySpace, and eMail. Here is the method of operation:
The trojan behaves like a worm, by trying to bait users on various social networks to click a link. The link asks “Is this you in this video?” and, if clicked, will send a user to another website which attempts to load a Java applet, giving the user a standard Mac OS X Java Security Alert and certificate request.
If the Java applet is allowed to load, it will download files to your local machine and then start a background process which attempts to propagate the trojan. You can simply click on “Deny” to prevent any further trouble, which prevents the malicious code from loading.
Intego explains the trojan as follows:
This threat is a Mac OS X version of the Koobface worm, which is served as part of a multi-platform attack via a malicious Java applet. The malware itself is made up of a number of elements, though in order to simplify, we will use the term βTrojan horseβ to describe it. (Technically, it propagates as a worm, is installed via a Trojan Horse, and installs a rootkit, backdoor, command and control, and other elements.)
The trojan also effects Windows users. The easiest way for Mac and Windows users to protect themselves from the trojan is to avoid clicking dubious links from untrusted sources and to deny sketchy Java applets. Another option is to disable Java in your web browser.
If you are concerned that you have been affected by the Koobface trojan, you can get a free removal tool through SecureMac, who rates the risk as “Critical.” Currently the download link sends you to MacScan, but this is expected to change when the removal tool is released.
[…] piΓΉ interessante virus dello scorso anno Γ¨ stato senza dubbioΒ Koobface/Bonanna: durante la navigazione su alcuni siti web di social network, veniva installata unβapplet Java […]
[…] Mac Trojan Horse Discovered: Boonana/Koobface […]
[…] the popularity of Macs growing the likelihood of viruses appearing increases. Just recently a new trojan called Boonana Koobface appeared that affects Mac users. If you’re concerned with getting a virus on your Mac, why […]
OK, so it’s out there. Now if only someone had a way to remove it. A quick google search shows no way to remove this garbage from OSX.
[…] rozsiewany jest przez portale spoΕecznoΕciowe i e-mail informacjΔ podaje za portalem osxdaily Mac Trojan Horse Discovered: Boonana/Koobface Cytuj […]
Meh, these are not a big deal. A much bigger security breach is Firesheep on wireless networks, THAT you should worry about.
I do use myspace :)
This must be the least concerning trojan ever, does anyone actually click those spam links you see in facebook? come on
and nobody uses myspace anymore
Agreed. Even Intego considers this an extremely low risk
It seems my Mac is infected, I got my email clogged with at least 20 ‘Mailer-Demon, could not deliver return emails.
And my existing contact had an email from my address.
I suspect the trojan has send emails from my id to all the contacts current and previous. The pervious perhaps explains the returns in my inbox!!! Annoyed to say the least!!!
Dunno what I should do. as this has happened twice in last 4 days!
There was flash installation request which I said ‘yes’ to; after a bit of hesitation, as I had a bug in my old Windows laptop! A hesitated, and then though, I got a Mac, so, it wont get infected….. it did though!
Any advice would be appreciated to get the trojan out would be appreciated!!!