Posted by: David Harley | October 27, 2010

OSX/Koobface: Intego vs. SecureMac? [Update 2]

[Additional update: further commentary by Ryan Naraine at http://www.zdnet.com/blog/security/koobface-for-mac-os-x-squirming-on-facebook/7579, by Dan Goodin for the Register at http://www.theregister.co.uk/2010/10/27/koobface_for_mac/, and by Casey Johnston at http://arstechnica.com/apple/news/2010/10/new-java-trojan-attacks-mac-os-x-via-social-networking-sites.ars.]

[Update: @stevejoblard also tells me that there’s been discussion in Apple support forums on OSX/Koobface since early October. I’m afraid it’s a while since I spent much time in such corners of the Internet: too much Windows action… Jerome Segura of ParetoLogic has also blogged on the topic and indicates that the attack works quite happily on Linux, though I’m still unsure as to some of the details.]

Tip of the hat to @stevejoblard for bringing to my attention a post on the Intego blog about what they call OSX/Koobface.A. There’s a cryptic reference to “Reports [that] have circulated discussing a Trojan horse, but without understanding either the scope or the functioning of this malware” which I suspect refers to the SecureMac post referenced here.

Don’t drag me into this, boys: I haven’t seen a sample yet. 😉

Intego’s report is at http://blog.intego.com/2010/10/27/intego-security-memo-trojan-horse-osxkoobface-a-affects-mac-os-x-mac-koobface-variant-spreads-via-facebook-twitter-and-more/, and is characteristically comprehensive (and, no doubt, to Intego’s usual high standard of accuracy).

David Harley CITP FBCS CISSP
Mac Virus Administrator
Small Blue-Green World
