Someone has just posted a slightly spammy comment to one of my recent blogs that poses me something of a problem. It’s clearly intended to push a product/service, though it’s apparently a free beta right now. And in principle, Mac Virus doesn’t endorse or favour products, not even ESET’s, and especially not products we have no experience of. (Yes, I know WordPress puts in those annoying semi-random adverts, but they’re nothing to do with me, and I do intend to do something about it: it’s just not a priority.
On the other hand, much of the post is more or less on topic. To whit:
This is true, there is so little information available on Mac malware that the Koobface is still a bit of a mystery.
We do however know that it does NOT act as a drive-by download, so if you get asked to download a Java Application, do NOT click ‘allow’ or ‘download’.
Well, I actually think we know quite a lot about what ESET calls Java/Boonana.A or Win32/Boonana.A, depending on which component is detected. After all, I’ve been adding links as they’ve hit my radar for the past three days, and that adds up to a lot of data. Still, I agree that considering that most vendors see a few dozen new OSX-specific malicious binaries a week nowadays, the amount of reliable information that’s available on those malware families is not huge.
And yes, this is very much social engineering-focused malware: its initial attack is on the user, not on the platform, and it isn’t self-launching in the first instance. If you smell a rat when you get the authorise install prompt, the malware can’t change your system files so as to allow unflagged external access. Actually, most malware (Windows as well as OS X) relies partly or totally on conning the user into running a malicious application.
By the way, an additional resource: Sophos video at http://nakedsecurity.sophos.com/2010/10/29/video-cross-platform-malware-runs-on-windows-mac-and-linux/?utm_source=twitterfeed&utm_medium=twitter.
David Harley CITP FBCS CISSP
Mac Virus Administrator
Small Blue-Green World