Boonana trojan horse attacks Mac OS X

October 27th, 2010 at 1:58 PM

Macs don’t get viruses, right? Wrong. SecureMac is warning of a new trojan marked “trojan.osx.boonana.a” that affects all versions of Mac OS X including the latest version of Snow Leopard. In typical non-creative fashion, the virus is spreading through social networking sites disguised as a video.

When a user clicks the infected link, the trojan initially runs as a Java applet, which downloads other files to the computer, including an installer, which launches automatically. When run, the installer modifies system files to bypass the need for passwords, allowing outside access to all files on the system. Additionally, the trojan sets itself to run invisibly in the background at startup, and periodically checks in with command and control servers to report information on the infected system. While running, the trojan horse hijacks user accounts to spread itself further via spam messages. Users have reported the trojan is spreading through e-mail as well as social media sites.

Because the exploit is Java-based, it’s cross-platform, meaning this also can hit Windows users. However, given that any self-respecting Windows user is (or should be) running a decent anti-virus program, their exposure should be more limited. This is one of the first cross-platform viruses, but not the first for the Mac. As SecureMac points out, as Apple’s market share grows, its exposure to viruses and other malware attack vectors increases.

The easy way to protect yourself from this attack is not to click stupid links. However, turning off Java inside your browser unless you need it is another recommended method. SecureMac has released a free removal tool to eliminate this threat, which can be downloaded directly from their website.

Is imitation always a form of flattery?

October 25th, 2010 at 9:52 PM

I have seen many different viruses pose as a security suite on a user’s machine, requesting them to put in their credit card info and preventing them from surfing the Internet until they do. This practice is not new, but I think this is the first time I have seen a virus mimic a current security software to instill some credibility in their scam.

At the Windows Team Blog, Eric Foster is reporting about a trojan that takes a page from these other well-known scams and puts its own twist on it. It actually mimics Microsoft’s free AV solution, Microsoft Security Essentials, except it prompts the user to install other security software and requests a credit card number.

Has Microsoft reached general acceptance of their security suite, enough for malware writers to start exploiting the name and the design?  Should companies like McAfee be worried?  I think so.

Apple OS X 10.6 to include anti-malware scanning

August 26th, 2009 at 12:43 PM

According to a report from The Mac Security Blog, a previously undocumented feature of Apple OS X 10.6 “Snow Leopard” is that it includes a built-in anti-malware scanner. While there are few details on exactly how this works, ZDNet seems to think that Apple has entered into some type of agreement with a commercial anti-virus company, as they have confirmed that it is not using the open-source ClamAV engine.

Currently the Security page on the Apple website makes no mention of the feature directly, but it does highlight some of the other security measures in place for Snow Leopard, and anti-phishing technologies built into Safari. At the bottom of the page Apple does acknowledge that “since no system can be 100 percent immune from every threat, antivirus software may offer additional protection.”


OS X 10.6 will be shipping this Friday, August 28.