Posted by: oldmacbloggit | January 22, 2011

Boonana Split: take 1 Tsp of OSX…

“Mac OS X Machines Roped Into Jnanabot Network” by Gareth Halfacree revisits the Symantec analysis of the Jnanabot (Boonana) botnet and the conclusion that 16% of infected machines are Macs, as already covered in David Harley’s earlier blog.

The Bit-Tech article has attracted a number of comments arguing about what that figure actually means, but I think it’s pretty clear from Harshit Nayyar’s blog. (An excellent summary, by the way.) 

The flaws in the P2P protocol used by the botnet for intercommunication have allowed Symantec to determine the proportion of users of various operating systems and OS versions at the time of their “snapshot” analysis in early December. What that gives them, it seems to me, is a (presumably) accurate figure for the number of infected Macs in the botnet (and for other systems, of course). This is fairly unusual, in that it’s vendor-agnostic telemetry, whereas AV vendor statistics are commonly based on reporting systems that are dependent on the presence or proximity of antivirus software, usually a specific brand.

What it doesn’t tell you is anything about the quantity of OS X systems infected with malware other than Boonana. It merely suggests rather strongly that Boonana has been rather successful at recruiting Macs. Nowhere near as successful as it has been at recruiting PCs running Windows XP, of course.

While the relation of this figure to Apple’s overall market share (around 5%-7% depending on source) has caused some confusion, the proportion of infected Macs is higher than you’d expect (at least double). I don’t know if that’s because the social engineering hooks used by Boonana are more effective than usual, or because cross-platform applications are more likely to be trusted by unwary Mac users, or something else entirely. But lack of caution is clearly an element here.

Meanwhile, John E. Dunn also mentions Boonana in an article citing Intego’s blog article The Year in Mac Security, which in turn links to Intego’s very interesting annual report.

Old Mac Bloggit
