Posted by: David Harley | October 29, 2010

Boonana Comment at Mac Virus

Someone has just posted a slightly spammy comment to one of my recent blogs that poses me something of a problem. It’s clearly intended to push a product/service, though it’s apparently a free beta right now. And in principle, Mac Virus doesn’t endorse or favour products, not even ESET’s, and especially not products we have no experience of. (Yes, I know WordPress puts in those annoying semi-random adverts, but they’re nothing to do with me, and I do intend to do something about it: it’s just not a priority.

On the other hand, much of the post is more or less on topic. To whit:

This is true, there is so little information available on Mac malware that the Koobface is still a bit of a mystery.

We do however know that it does NOT act as a drive-by download, so if you get asked to download a Java Application, do NOT click ‘allow’ or ‘download’.

Well, I actually think we know quite a lot about what ESET calls Java/Boonana.A or Win32/Boonana.A, depending on which component is detected. After all, I’ve been adding links as they’ve hit my radar for the past three days, and that adds up to a lot of data. Still, I agree that considering that most vendors see a few dozen new OSX-specific malicious binaries a week nowadays, the amount of reliable information that’s available on those malware families is not huge.

And yes, this is very much social engineering-focused malware: its initial attack is on the user, not on the platform, and it isn’t self-launching in the first instance. If you smell a rat when you get the authorise install prompt, the malware can’t change your system files so as to allow unflagged external access. Actually, most malware (Windows as well as OS X) relies partly or totally on conning the user into running a malicious application.

By the way, an additional resource: Sophos video at

Mac Virus Administrator
Small Blue-Green World



  1. Hey David,

    It’s great that you have been blogging more frequently the last few days.
    Keep up the good work!

    • Thanks, Johan. It helps to have an interesting topic like this. 😉

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

This site uses Akismet to reduce spam. Learn how your comment data is processed.


%d bloggers like this: