Posted by: David Harley | October 29, 2010

Boonana Comment at Mac Virus

Someone has just posted a slightly spammy comment to one of my recent blogs that poses me something of a problem. It’s clearly intended to push a product/service, though it’s apparently a free beta right now. And in principle, Mac Virus doesn’t endorse or favour products, not even ESET’s, and especially not products we have no experience of. (Yes, I know WordPress puts in those annoying semi-random adverts, but they’re nothing to do with me, and I do intend to do something about it: it’s just not a priority.

On the other hand, much of the post is more or less on topic. To whit:

This is true, there is so little information available on Mac malware that the Koobface is still a bit of a mystery.

We do however know that it does NOT act as a drive-by download, so if you get asked to download a Java Application, do NOT click ‘allow’ or ‘download’.

Well, I actually think we know quite a lot about what ESET calls Java/Boonana.A or Win32/Boonana.A, depending on which component is detected. After all, I’ve been adding links as they’ve hit my radar for the past three days, and that adds up to a lot of data. Still, I agree that considering that most vendors see a few dozen new OSX-specific malicious binaries a week nowadays, the amount of reliable information that’s available on those malware families is not huge.

And yes, this is very much social engineering-focused malware: its initial attack is on the user, not on the platform, and it isn’t self-launching in the first instance. If you smell a rat when you get the authorise install prompt, the malware can’t change your system files so as to allow unflagged external access. Actually, most malware (Windows as well as OS X) relies partly or totally on conning the user into running a malicious application.

By the way, an additional resource: Sophos video at http://nakedsecurity.sophos.com/2010/10/29/video-cross-platform-malware-runs-on-windows-mac-and-linux/?utm_source=twitterfeed&utm_medium=twitter.

David Harley CITP FBCS CISSP
Mac Virus Administrator
Small Blue-Green World

About these ads

Posted in David Harley, Java/Boonana.A, OSX/Koobface.A, trojan.osx.boonana.a, Win32/Boonana.A | Tags: , , , , , , , , , , , , ,

«
»

Responses

  1. Hey David,

    It’s great that you have been blogging more frequently the last few days.
    Keep up the good work!

    By: Johan on October 30, 2010
    at 14:09

    Reply

    • Thanks, Johan. It helps to have an interesting topic like this. ;-)

      By: David Harley on October 30, 2010
      at 15:38

      Reply


Leave a Reply

Fill in your details below or click an icon to log in:

Gravatar
WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Cancel

Connecting to %s

Categories

Follow

Get every new post delivered to your Inbox.

Join 25 other followers

%d bloggers like this: