
MacRumors

macrumors bot
Original poster
Apr 12, 2001
63,489
30,728



[Image: 135706-koobface_alert.jpg]
Security alert dialog box generated by malware's installation attempts
Yesterday, Mac antivirus firm SecureMac issued an alert regarding a new piece of malware capable of infecting systems running Mac OS X by using a trojan horse method of entry to deploy a Java-based payload enabling a wide variety of nefarious functions.
The trojan horse, trojan.osx.boonana.a, is spreading through social networking sites, including Facebook, disguised as a video. The trojan is currently appearing as a link in messages on social networking sites with the subject "Is this you in this video?"

When a user clicks the infected link, the trojan initially runs as a Java applet, which downloads other files to the computer, including an installer, which launches automatically. When run, the installer modifies system files to bypass the need for passwords, allowing outside access to all files on the system. Additionally, the trojan sets itself to run invisibly in the background at startup, and periodically checks in with command and control servers to report information on the infected system. While running, the trojan horse hijacks user accounts to spread itself further via spam messages. Users have reported the trojan is spreading through e-mail as well as social media sites.
Rival antivirus firm Intego responded with a notice of its own, downplaying the imminent threat from the malware due to the fact that it does not appear to be functioning as intended.
While Intego has evidence of several infections in the wild, we are not currently able to go beyond this step, as either the malicious malware has bugs preventing it from running correctly, or the servers it contacts are not active or are not serving the correct files.

Potentially, if it installs correctly, it functions the same as the Koobface worm running on Windows. It runs a local web server and an IRC server, acts as part of a botnet, acts as a DNS changer, and can activate a number of other functions, either through files initially installed or other files downloaded subsequently. It spreads by posting messages on Facebook, MySpace and Twitter, usually trying to get people to click a link to view some sort of video.

While this is an especially malicious piece of malware, the current Mac OS X implementation is flawed, and the threat is therefore low.
Both companies have conveniently noted that they offer products capable of identifying and eliminating the malware, although users without protection software should be alerted by the malware installation generating a Mac OS X dialog box regarding the attempted action.

Article Link: New Java-Based Malware Targets Mac OS X, But Threat Level Disputed
 

Lucky736

macrumors 6502a
Jan 18, 2004
994
662
US
If you're dumb enough to type your admin password, and sometimes username, along with clicking enter to something you have no idea about.... you deserve it.
 

Bonch

macrumors 6502
May 28, 2005
442
1
Lithuania
There isn't much business for anti-virus Mac OSX software. They might make more money developing iPhone fart apps.
 

Durendal

macrumors 6502
Apr 12, 2003
287
1
Callous as it may sound, anyone who lets Facebook install anything on their computer, especially something that asks for your password (does this even do that?), is an idiot. Sadly, idiots abound in the computer world. Just take a look at that intellectual hellhole known as Yahoo Answers. It's horrifying.
 

Yvan256

macrumors 603
Jul 5, 2004
5,081
998
Canada
How do we completely delete Java from our system? I'm guessing a Spotlight search for "Java" will reveal most folders, but is there some other places to look for?
 

RichardI

macrumors 6502a
Feb 21, 2007
568
5
Southern Ontario, Canada
What are the odds that one of the companies mentioned in the original post would hire a hacker "under the covers" to create viruses and malware for the Mac so that they could then sell more anti-virus software?:confused:

Rich :cool:
 

saving107

macrumors 603
Oct 14, 2007
6,384
33
San Jose, Ca
If you're dumb enough to put your admin password, and sometimes user name along with it, in and click enter to something you have no idea about and don't see any of those as a flag...... you deserve it.

read the article again,

which downloads other files to the computer, including an installer, which launches automatically. When run, the installer modifies system files to bypass the need for passwords, allowing outside access to all files on the system.
 

Fafafoooey

macrumors member
Jun 13, 2007
77
18
USA
Pos

Java is just as bad as Flash. Security holes in it all over the place. Now that Oracle has taken over Sun, it will just get worse as Oracle is just a bigger Adobe.
 

Yvan256

macrumors 603
Jul 5, 2004
5,081
998
Canada
The first, fastest and easiest way to counter such a problem is to uncheck the "Enable Java" checkbox in your Safari preferences. I haven't enabled Java in well over four years anyway.
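The article describes the trojan registering a Java payload to run invisibly at startup, and the post above suggests switching Java off in Safari. The script below is an added example written for this thread, not code from MacRumors, SecureMac or Intego: it parses launchd-style property lists and flags entries that combine the traits the article names (a Java payload, a user-writable or hidden path, automatic start at login), and it reads Safari's Java preference from its property list. The plists, label, jar path and user name are constructed placeholders, not indicators from the thread, and the preference key `WebKitJavaEnabled` is assumed to be the one behind the "Enable Java" checkbox of that era.

```python
"""Triage of launchd persistence entries and the Safari Java setting.

Added example for the Boonana thread; all sample data is constructed.
"""
import plistlib
import re

# Constructed LaunchAgent modelled on the article's description: a Java
# payload in a hidden, user-writable directory that starts at login.
SAMPLE_LAUNCH_AGENT = b"""<?xml version="1.0" encoding="UTF-8"?>
<plist version="1.0">
<dict>
  <key>Label</key><string>com.example.placeholder.updater</string>
  <key>ProgramArguments</key>
  <array>
    <string>/usr/bin/java</string>
    <string>-jar</string>
    <string>/Users/alice/Library/Application Support/.cache/payload.jar</string>
  </array>
  <key>RunAtLoad</key><true/>
  <key>KeepAlive</key><true/>
</dict>
</plist>
"""

# Constructed benign agent for contrast: vendor binary under /Applications.
BENIGN_LAUNCH_AGENT = b"""<?xml version="1.0" encoding="UTF-8"?>
<plist version="1.0">
<dict>
  <key>Label</key><string>com.example.vendor.helper</string>
  <key>ProgramArguments</key>
  <array><string>/Applications/Example.app/Contents/MacOS/helper</string></array>
  <key>RunAtLoad</key><true/>
</dict>
</plist>
"""

# Constructed Safari preference plists (key name is an assumption).
SAFARI_PREFS_JAVA_ON = b"""<plist version="1.0"><dict>
<key>WebKitJavaEnabled</key><true/></dict></plist>"""
SAFARI_PREFS_JAVA_OFF = b"""<plist version="1.0"><dict>
<key>WebKitJavaEnabled</key><false/></dict></plist>"""

# Locations a non-admin user can write to without a password prompt.
USER_WRITABLE = re.compile(r"^(/Users/|/tmp/|/private/tmp/|/var/folders/)")


def assess_launch_agent(plist_bytes):
    """Return the list of traits found in one launchd plist."""
    data = plistlib.loads(plist_bytes)
    args = list(data.get("ProgramArguments") or [])
    if not args and "Program" in data:
        args = [data["Program"]]
    findings = []
    # Java payload: the executable is java, or a jar is passed to it.
    if args and (args[0].endswith("/java") or args[0] == "java" or "-jar" in args):
        findings.append("runs a Java payload")
    if any(USER_WRITABLE.match(a) for a in args):
        findings.append("references a user-writable path")
    if any("/." in a for a in args):
        findings.append("uses a hidden (dot) directory")
    if data.get("RunAtLoad") or data.get("KeepAlive"):
        findings.append("starts automatically at login")
    return findings


def is_suspicious(plist_bytes):
    """Flag only the combination the article describes, so a benign
    vendor agent that merely starts at login is not reported."""
    f = assess_launch_agent(plist_bytes)
    path_trait = ("references a user-writable path" in f
                  or "uses a hidden (dot) directory" in f)
    return ("runs a Java payload" in f
            and "starts automatically at login" in f
            and path_trait)


def safari_java_enabled(plist_bytes):
    """True when the Safari preference plist still has Java switched on.
    A missing key is treated as enabled, the assumed default of the era."""
    data = plistlib.loads(plist_bytes)
    return bool(data.get("WebKitJavaEnabled", True))


if __name__ == "__main__":
    for name, blob in (("sample", SAMPLE_LAUNCH_AGENT), ("benign", BENIGN_LAUNCH_AGENT)):
        print(name, is_suspicious(blob), assess_launch_agent(blob))
    print("Safari Java enabled:", safari_java_enabled(SAFARI_PREFS_JAVA_ON))
```

On a real machine the same functions would be run over the files in ~/Library/LaunchAgents, /Library/LaunchAgents and /Library/LaunchDaemons, and over ~/Library/Preferences/com.apple.Safari.plist; the combination rule in `is_suspicious` is what keeps ordinary login items from being reported.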
 

Bevz

macrumors 6502a
Oct 23, 2007
816
137
UK
read the article again,

So, is it true that this trojan can install itself without the need for the user to type an admin password? If so, this seems a slightly higher level of threat to the usual "if you're dumb enough to type in your password..." type of trojans in the past...

I understand the article seems to suggest it, but is this behaviour confirmed?
 

gguerini

macrumors regular
Jun 28, 2007
203
1
Don't worry guys. Apple just dropped the support for Java on Lion!! :D:D
See, there was a reason. And you guys complaining... hahaha
 

leodavinci0

macrumors 6502
Jan 26, 2006
323
0
So, is it true that this trojan can install itself without the need for the user to type an admin password? If so, this seems a slightly higher level of threat to the usual "if you're dumb enough to type in your password..." type of trojans in the past...

I understand the article seems to suggest it, but is this behaviour confirmed?


They are not clear, which seems deliberate. Trojans are not like viruses; trojans require the user to accept it, thus the name. Since they say it runs an installer and modifies system files, it is probably requesting a password for the system through the installer. Note that all infections to date on Macs require the user to input their password to become infected. As stated above, anyone who actually gives the installer, that auto-runs after playing the video, your password is not being cautious or educated and deserves it as a means of learning the hard way not to do this. There will never be a way to stop Trojans on any OS; it's the viruses that are the real threat.

Still no viruses for Macs.
 

jp102235

macrumors regular
Apr 20, 2010
126
0
western us
if not java - what?

Java is just as bad as Flash. Security holes in it all over the place. Now that Oracle has taken over Sun, it will just get worse as Oracle is just a bigger Adobe.

wow, didn't know that - java applets were sold to us as very secure - the whole sandbox concept. I see why sj wants to put that in the past - but what can replace it?
 