SecureMac discovered a new trojan that affected users of Mac OS X

Loop in Sight ^ | November 4, 2010

[Swordmaker]

In late October, SecureMac discovered a new trojan that affected users of Mac OS X. On Thursday, the company posted a warning that a new variant of the trojan has been discovered.

The new variant was discovered by security firm ESET. The original trojan attempted to trick users into installing the software, but the servers hosting the new variant appear to be hosting updated code for the malware, according to SecureMac.

The servers distributing the updated malware also appear to contain keystroke logs from infected machines, including usernames and passwords, the company said.

Microsoft has also documented the trojan for both Mac and Windows, rating the threat level for both operating systems as severe. SecureMac rates the security risk of the malware as being critical.

Only Intego has rated the threat level as minimal, contradicting Microsoft, SecureMac and ESET’s interpretation of the malware’s threat to users.

SecureMac released a free tool to detect and remove the malware. It is available for download from the company’s website. Instructions to manually remove the malware are also available from SecureMac.

[DainBramage]

bump

[Swordmaker]

ALERT! ALERT! ALERT!

New Mac OSX Trojan Discovered... this trojan—Trojan.OSX. boonana.a & b—also has code which infects Windows (Trojan.Windows.boonana.a) and Linux (Trojan.Linux.boonana.a) machines. PING!

The rating on this trojan for OSX, Linux, and Windows is SEVERE! It includes a key logger, and reportedly seeks passwords and credit cards. The Windows version causes the infected the machine to join a spambot.

Currently, Apple OSX will not recognize this new Trojan as malware, as it is new and not in its malware definition files, but OSX WILL WARN YOU that you are downloading an application or applet from an untrusted website and that it does not have a valid certificate.

DO NOT CONTINUE!
... and certainly
DO NOT INSTALL IT!

Please! No Flame Wars!
Discuss Issues, Software, and Hardware.
Don't attack people!
Please Ignore the anti-Apple thread trolls!

Apple Security Warning Ping!

If you want on or off the Mac Ping List, Freepmail me.

[DollyCali]

well just DAMN

if true

we cant be as smug anymore can we?

nor as non diligent

JUST DAMN

[Swordmaker]

we cant be as smug anymore can we?

There were already 17 known Trojans variants in the wild for OSX... in three families... this is must two more in a fourth family. Compare that to over a million malware for the other platform... OSX will warn you about the other three families and as soon as Apple gets out a security update, it will warn you about downloading this one too.

[MaryFromMichigan]

Many thanks for keeping us up to date!

[riri]

Bfl

[deks]

Which is the best antivirus software for Mac, in your opinion?

[PugetSoundSoldier]

Compare that to over a million malware for the other platform

Just curious, how many of those million will affect up-to-date, patched Windows 7 installations?

[doyle]

SecureMac may have modified its analysis of this Trojan.

see: http://www.securemac.com/boonana-b-bulletin.php

[kevkrom]

Which is the best antivirus software for Mac, in your opinion?

OS X.

There are no known viruses for OS X; Trojans, such as this, require the user to actually do something, typically accomplished through misdirection or trickery.

[ReignOfError]

The best anti-malware for any platform is between the chair and the keyboard. This trojan, for example, is an IM or e-mail purportedly from a friend; it then points to a fake YouTube video, actually a Java applet, which then requires an admin password to install. It’s what hackers call “social engineering.”

That said, ClamXav is free, robust, free, frequently updated, and free. I run it every few months just to make sure I haven’t picked up a Windows virus I might unwittingly pass on. It has yet to find anything.

[Swordmaker]

Just curious, how many of those million will affect up-to-date, patched Windows 7 installations?

How many Windows users are on Windows7 at last count? 29%? There are a couple of zero day Internet Explorer exploits that have yet to be patched that are in the wild right now that will walk through the protections for the older systems...

[TheBattman]

What does this file mascarade as to get users to give permission to install? Is it primarily just for idiots who let every little randomly downloaded to their machines without their initiating the download, and despite warnings that it was downloaded from the internet, and not from a trusted site?

[deks]

Thanks for the replies...yes, I’m usually alert for any funny stuff that could be a security risk, but I’m not invulnerable, just an average user. So I have Intego VirusBarrier X6 for any kind of malware...and it includes a firewall that I can understand a little better than the options that are given in the OS X firewall.

[Swordmaker]

SecureMac may have modified its analysis of this Trojan.

Yeah, they have added that the Linux variant can now join a botnet...

[Swordmaker]

What does this file mascarade as to get users to give permission to install? Is it primarily just for idiots who let every little randomly downloaded to their machines without their initiating the download, and despite warnings that it was downloaded from the internet, and not from a trusted site?

From what I understand it comes as a link in an email with the text that it is a YouTube of a vide the sender thinks includes YOU in the video... just click on here and instead of a YouTube you get a YouTube look alike site and then it wants to download an app to allow you to view the video. If you accept the aplet, you are then asked to allow the install of the application... which is the Trojan. It takes industrial strength stupid to ignore the warnings OSX puts up about the site being an untrusted site and that the security certificate is not valid... and then installing from the web... etc. But some users are industrial strength stupid and just HAVE to see that video. Some people just have to go see the varmint...

[PugetSoundSoldier]

Thanks for the non-answer...

[rmlew]

Did you hear that Apple is discontinuing the XServe, rackable servers as of January 31?

This is giant "We're just not that in to you" to enterprise customers. The Mac Pro may work for mid-sized busnesses and the Mac mini will work with small businesses. But Apples foray into corporate America is over.

[Swordmaker]

Did you hear that Apple is discontinuing the XServe, rackable servers as of January 31?

Yes... I just posted it and pinged the list... Apple offers new Mac Pro Server configuration to replace Xserve

I don't think it's a good move.