SecureMac has reported a new Mac Trojan it calls trojan.osx.boonana.a spreading through social networking sites (Facebook is mentioned by name), passing itself off as a video and using the well-worn “Is this you in this video?” social engineering hook so familiar to connoisseurs of Windows malware. And in fact, this threat is also associated with specific Windows malware.
The description suggests a Trojan downloader (a Java applet) that leads to an installer being run. The installer modifies system files so that an outside attacker doesn’t need passwords to access the system, and it periodically checks a C&C server (standard botnet stuff). Apparently it’s also being spammed out through email.
More information at http://prmac.com/release-id-17529.htm. Macworld have also referenced the SecureMac posting at http://www.macworld.co.uk/digitallifestyle/news/index.cfm?newsid=3246123.
While this threat can be mitigated by turning off Java in your browser (SecureMac give instructions for turning it off in Safari), even better protection is afforded by staying alert for blatant social engineering.
David Harley CITP FBCS CISSP