Old Oct 27, 2010, 12:59 PM   #1
MacRumors
macrumors bot
 
Join Date: Apr 2001
New Java-Based Malware Targets Mac OS X, But Threat Level Disputed






Security alert dialog box generated by malware's installation attempts
Yesterday, Mac antivirus firm SecureMac issued an alert regarding a new piece of malware capable of infecting systems running Mac OS X by using a trojan horse method of entry to deploy a Java-based payload enabling a wide variety of nefarious functions.
Quote:
The trojan horse, trojan.osx.boonana.a, is spreading through social networking sites, including Facebook, disguised as a video. The trojan is currently appearing as a link in messages on social networking sites with the subject "Is this you in this video?"

When a user clicks the infected link, the trojan initially runs as a Java applet, which downloads other files to the computer, including an installer, which launches automatically. When run, the installer modifies system files to bypass the need for passwords, allowing outside access to all files on the system. Additionally, the trojan sets itself to run invisibly in the background at startup, and periodically checks in with command and control servers to report information on the infected system. While running, the trojan horse hijacks user accounts to spread itself further via spam messages. Users have reported the trojan is spreading through e-mail as well as social media sites.
Rival antivirus firm Intego responded with a notice of its own, downplaying the imminent threat from the malware due to the fact that it does not appear to be functioning as intended.
Quote:
While Intego has evidence of several infections in the wild, we are not currently able to go beyond this step, as either the malicious malware has bugs preventing it from running correctly, or the servers it contacts are not active or are not serving the correct files.

Potentially, if it installs correctly, it functions the same as the Koobface worm running on Windows. It runs a local web server and an IRC server, acts as part of a botnet, acts as a DNS changer, and can activate a number of other functions, either through files initially installed or other files downloaded subsequently. It spreads by posting messages on Facebook, MySpace and Twitter, usually trying to get people to click a link to view some sort of video.

While this is an especially malicious piece of malware, the current Mac OS X implementation is flawed, and the threat is therefore low.
Both companies have conveniently noted that they offer products capable of identifying and eliminating the malware, although users without protection software should be alerted by the malware installation generating a Mac OS X dialog box regarding the attempted action.

Article Link: New Java-Based Malware Targets Mac OS X, But Threat Level Disputed
Old Oct 27, 2010, 01:01 PM   #2
TennisandMusic
Guest
 
Join Date: Aug 2008
Hmm...it's starting?
Old Oct 27, 2010, 01:02 PM   #3
Lucky736
macrumors 6502a
 
Join Date: Jan 2004
Location: TX or MI
If you're dumb enough to type your admin password, and sometimes username, along with clicking enter to something you have no idea about.... you deserve it.
Old Oct 27, 2010, 01:03 PM   #4
Bonch
Banned
 
Join Date: May 2005
Location: Lithuania
There isn't much business for anti-virus Mac OSX software. They might make more money developing iPhone fart apps.
Old Oct 27, 2010, 01:06 PM   #5
Durendal
macrumors 6502
 
Join Date: Apr 2003
Callous as it may sound, anyone who lets Facebook install anything on their computer, especially something that asks for your password (does this even do that?), is an idiot. Sadly, idiots abound in the computer world. Just take a look at that intellectual hellhole known as Yahoo Answers. It's horrifying.
Old Oct 27, 2010, 01:07 PM   #6
koobcamuk
macrumors 68040
 
Join Date: Oct 2006
Quote:
Originally Posted by TennisandMusic View Post
Hmm...it's starting?
My thoughts exactly.

And so, it begins.

This is what happens when average joe starts buying things I like.
__________________
Flickr® | Life in Japan | Backup your Mac, NOW!!
Old Oct 27, 2010, 01:08 PM   #7
Yvan256
macrumors 601
 
Join Date: Jul 2004
Location: Canada
How do we completely delete Java from our system? I'm guessing a Spotlight search for "Java" will reveal most folders, but are there some other places to look?
Old Oct 27, 2010, 01:09 PM   #8
RichardI
macrumors 6502a
 
Join Date: Feb 2007
Location: Southern Ontario, Canada
What are the odds that one of the companies mentioned in the original post would hire a hacker "under the covers" to create viruses and malware for the Mac so that they could then sell more anti-virus software?

Rich
__________________
iMac 27", i7, 8 Gb. ram, HD5750/1Gb, 1TB. Hard Drive, OSX 10.9.X Logitech wireless mouse, wired keyboard, iPod Shuffle (2nd G) 1 Gb.
Old Oct 27, 2010, 01:09 PM   #9
morespce54
macrumors 65816
 
Join Date: Apr 2004
Location: Around the World
So what does it have to do with a "PhotoAlbum" certificate?
__________________
..:.::.:.:.::..:.: Oh, I get it. It's very clever :.:.::.:.:.::.:..:.::..:.::.:..:.::.:.::.:.::..
DO NOT OPERATE YOUR COMPUTER UNDER THE INFLUENCE!
Old Oct 27, 2010, 01:09 PM   #10
Xian Zhu Xuande
macrumors 6502a
 
Join Date: Jul 2008
Quote:
Originally Posted by TennisandMusic View Post
Hmm...it's starting?
Probably an observation like this in every thread discussing every would-be threat for every year since OS X was initially released.
Old Oct 27, 2010, 01:10 PM   #11
saving107
macrumors 603
 
Join Date: Oct 2007
Location: San Jose, Ca
Quote:
Originally Posted by Lucky736 View Post
If you're dumb enough to put your admin password, and sometimes user name along with it, in and click enter to something you have no idea about and don't see any of those as a flag...... you deserve it.
read the article again,

Quote:
which downloads other files to the computer, including an installer, which launches automatically. When run, the installer modifies system files to bypass the need for passwords, allowing outside access to all files on the system.
__________________
When I want to vent I must take it to the internet to get satisfaction, because people must know I am not happy.
Old Oct 27, 2010, 01:12 PM   #12
sacredgeometry
macrumors newbie
 
Join Date: Jan 2009
Didn't they just release a Java update? Maybe it was to address this.
__________________
17" Unibody MBP 2.9ghz 8gb ram
17" MBP 2.8ghz 4gb ram
Mac Pro
Old Oct 27, 2010, 01:13 PM   #13
IMPMAC
macrumors member
 
Join Date: Mar 2009
What ever happened to the sandboxing thing in Java?
__________________
24" Aluminum iMac, 3.06GHz, 4 GB RAM DDR3, 1 TB HD, NVIDIA GeForce GT 130 with 512MB memory
Old Oct 27, 2010, 01:16 PM   #14
alpharuin
macrumors newbie
 
Join Date: Mar 2007
Only days after Apple announces they will stop developing Java for Mac...
Old Oct 27, 2010, 01:17 PM   #15
zeemeerman2
macrumors 6502
 
Join Date: Feb 2010
I expect a security system update this evening to be rolled out fixing this issue.
Old Oct 27, 2010, 01:19 PM   #16
Fafafoooey
macrumors member
 
Join Date: Jun 2007
Pos

Java is just as bad as Flash. Security holes in it all over the place. Now that Oracle has taken over Sun, it will just get worse as Oracle is just a bigger Adobe.
Old Oct 27, 2010, 01:20 PM   #17
4JNA
macrumors 68000
 
Join Date: Feb 2006
Location: looking for trash files
Quote:
Originally Posted by Lucky736 View Post
If you're dumb enough to Join social networking sites... you deserve it.
there, fixed that for you.
__________________
KATE: RISC architecture is gonna change everything. DADE: Yeah. RISC is good.
Old Oct 27, 2010, 01:22 PM   #18
Yvan256
macrumors 601
 
Join Date: Jul 2004
Location: Canada
The first, fastest and easiest way to counter such a problem is to uncheck the "Enable Java" checkbox in your Safari preferences. I haven't enabled Java in well over four years anyway.
Old Oct 27, 2010, 01:25 PM   #19
Bevz
macrumors 6502a
 
Join Date: Oct 2007
Location: UK
Quote:
Originally Posted by saving107 View Post
read the article again,
So, is it true that this trojan can instal itself without the need for the user to type an admin password? If so, this seems a slightly higher level of threat to the usual "if you're dumb enough to type in your password..." type of trojans in the past...

I understand the article seems to suggest it, but is this behaviour confirmed?
__________________
27" iMac (2010) | 13" MacBook Pro | TV2 | iPhone 4 32gb | iPad3
If you work in the NHS in the UK, you may want to check out my app: NHS Reference
Old Oct 27, 2010, 01:28 PM   #20
IMPMAC
macrumors member
 
Join Date: Mar 2009
I found a potential video that could be something

__________________
24" Aluminum iMac, 3.06GHz, 4 GB RAM DDR3, 1 TB HD, NVIDIA GeForce GT 130 with 512MB memory
Old Oct 27, 2010, 01:29 PM   #21
gguerini
macrumors regular
 
Join Date: Jun 2007
Location: São Paulo, Brazil
Don't worry guys. Apple just dropped the support for Java on Lion!!
See, there was a reason. And you guys complaining... hahaha
Old Oct 27, 2010, 01:29 PM   #22
Carlanga
macrumors 603
 
Join Date: Nov 2009
Location: PR
I bet you that SecureMac created this malware....
__________________
☻ "A dream you dream alone is only a dream...
... A dream you dream together is reality." ☻
Old Oct 27, 2010, 01:31 PM   #23
leodavinci0
macrumors 6502
 
Join Date: Jan 2006
Quote:
Originally Posted by Bevz View Post
So, is it true that this trojan can instal itself without the need for the user to type an admin password? If so, this seems a slightly higher level of threat to the usual "if you're dumb enough to type in your password..." type of trojans in the past...

I understand the article seems to suggest it, but is this behaviour confirmed?

They are not clear, which seems deliberate. Trojans are not like viruses, trojans require the user to accept it, thus the name. Since they say it runs an installer and modifies system files, it is probably requesting a password for the system through the installer. Note that all infections to date on Macs require the user to input their password to become infected. As stated above, anyone who actually gives the installer, that auto runs after playing the video, your password is not being cautious or educated and deserves it as a means of learning the hard way not to do this. There will never be a way to stop Trojans on any OS, it's the viruses that are the real threat.

Still no viruses for Macs.
__________________
- 13" MacBook Pro, 2.26GHz, 2G RAM, 500 GB HDD, Mac OS 10.6.4
- iPhone 3GS
- Airport Express, BT Mouse and Keyboard
Old Oct 27, 2010, 01:33 PM   #24
jp102235
macrumors regular
 
Join Date: Apr 2010
if not java - what?

Quote:
Originally Posted by Fafafoooey View Post
Java is just as bad as Flash. Security holes in it all over the place. Now that Oracle has taken over Sun, it will just get worse as Oracle is just a bigger Adobe.
Wow, didn't know that - Java applets were sold to us as very secure - the whole sandbox concept. I see why SJ wants to put that in the past - but what can replace it?
Old Oct 27, 2010, 01:34 PM   #25
frunkis54
macrumors 65816
 
Join Date: Apr 2009
Quote:
Originally Posted by IMPMAC View Post
I found a potential video that could be something

The only potential problem I see is I can't watch the above video.