Posted by: David Harley | October 27, 2010

Mac Trojan spreads through Facebook (etc.)

SecureMac has reported a new Mac Trojan it calls trojan.osx.boonana.a spreading through social networking sites (Facebook is mentioned by name), passing itself off as a video and using the well-worn “Is this you in this video?” social engineering hook so familiar to connoisseurs of Windows malware. And in fact, this threat is also associated with specific Windows malware. 

The description suggests a Trojan downloader (a Java applet) that leads to the running of an installer that modifies system files so that an outside attacker doesn’t need passwords to access the system, and checks a C&C server (standard botnet stuff) periodically. Apparently it’s also being spammed out through email.

More information at http://prmac.com/release-id-17529.htm. Mac World have also referenced the SecureMac posting at http://www.macworld.co.uk/digitallifestyle/news/index.cfm?newsid=3246123.

While this threat can be mitigated by turning off Java in your browser (SecureMac give instructions for turning it off in Safari), even better protection is afforded by staying alert for blatant social engineering. 😉

David Harley CITP FBCS CISSP

Advertisements

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

Categories

%d bloggers like this: