Variant of Boonana Virus Found on the Mac

For the second time in just over a week, a virus has been found on the Mac. Trojan.osx.boonana.b is a variant of the malware that was discovered last week called Boonana. SecureMac, which discovered this new variant, believes the malware to be a variant of the Koobface virus that was discovered infecting Windows machines back in 2008.

The SecureMac bulletin noted, “The new variant, trojan.osx.boonana.b, behaves in a very similar manner to the original malware, and is currently being distributed on multiple sites. In addition to the website documented by ESET as currently distributing the malware, SecureMac has identified two more websites that are currently hosting the new malware variant. Rather than the initial site which tricks users into running (and installing) the malware, these servers seem to be hosting update code for the malware. The infected machines contact these servers looking for updates to the malware payload. At the time of analysis (November 2nd, 2010), these servers were live, and distributing malware.”

In addition to SecureMac, Microsoft has also identified this virus as a critical threat for both Macs and PCs in their Malware Protection Center.

As previously reported here on Mac|Life, the virus is a Java-based application that runs in the web browser and gets around administrator password entry before being run. This means that the virus has the ability to install itself without your knowledge.

You can protect yourself by disabling Java in your Mac web browser of choice, and if you believe your Mac is infected, you can download and run a free removal tool from the SecureMac website.

As always, stay tuned to Mac|Life for more information on the Boonana virus.


Follow this article’s author, Cory Bohon on Twitter.




SecureMac Releases New Information About Boonana Trojan Virus

We told you about the Boonana Trojan Mac virus that was discovered by SecureMac just yesterday. SecureMac has now completed its initial analysis of the virus and has new information about it, as well as a removal tool if you believe your Mac is infected.

According to the company’s security bulletin, “The initial infection vector of the Boonana trojan is through a message on social networking sites similar to ‘Is this you in this video?’ which includes a link to an external site. Upon clicking the link, a java applet will attempt to load in the user’s web browser. During our testing, the malicious Java applet communicated with a Command & Control server, and presented an installer window at a random time after accessing the malicious site. This installer did not indicate that it had been downloaded from the web which indicates it is avoiding the quarantine flag typically set by programs such as Safari.”

This virus is still listed as a critical security threat because the control servers are still operational. SecureMac notes that this means the servers could be gathering information, such as IP addresses, from infected computers, and that the sudoers file could potentially be modified to allow passwordless access to any potentially infected machines. It is thought that this trojan virus could be used for control purposes.
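A defender's check for the sudoers change mentioned above, as an added example that is not from SecureMac's bulletin or removal tool: it parses sudoers text and lists every rule that lets `sudo` run without a password. The sample input, the user names and the function names are constructed for illustration, and multi-host rules and `#uid` user names are not handled.

```python
import re

TAG = re.compile(r"^([A-Z_]+)\s*:\s*")  # sudoers tags such as NOPASSWD: or NOEXEC:

def logical_lines(text):
    """Yield (line_no, text) with comments dropped and backslash continuations joined."""
    buf, start = "", 0
    for no, raw in enumerate(text.splitlines(), 1):
        start = start or no
        if raw.lstrip().startswith(("#include", "@include")):
            body = raw.strip()                    # include directive, not a comment
        else:
            body = raw.split("#", 1)[0].rstrip()  # simplification: '#uid' names not handled
        if body.endswith("\\"):
            buf += body[:-1] + " "
            continue
        yield start, (buf + body).strip()
        buf, start = "", 0

def passwordless_rules(text):
    """Return (line_no, subject, detail) for each entry that skips the password prompt."""
    found = []
    for no, line in logical_lines(text):
        if line.startswith(("#include", "@include")):
            found.append((no, "include", line.split(None, 1)[-1]))  # review that path too
        elif line.startswith("Defaults"):
            if "!authenticate" in line:           # turns prompting off without any tag
                found.append((no, "Defaults", line))
        elif "=" in line and not re.match(r"\w+_Alias\b", line):
            who, rhs = line.split("=", 1)
            rhs = re.sub(r"\([^)]*\)", "", rhs)   # drop Runas lists such as (root, bin)
            nopasswd = False                      # a tag carries over to later commands
            for item in map(str.strip, rhs.split(",")):
                while (m := TAG.match(item)):
                    if m.group(1) in ("NOPASSWD", "PASSWD"):
                        nopasswd = m.group(1) == "NOPASSWD"
                    item = item[m.end():]
                if nopasswd and item:
                    found.append((no, who.split()[0], item))
    return found

# Constructed sample for illustration; not taken from an infected machine.
SAMPLE = """\
root ALL=(ALL) ALL
ray ALL = NOPASSWD: /bin/kill, /bin/ls, \\
          PASSWD: /usr/bin/lprm
exampleuser ALL=(ALL) NOPASSWD: ALL
#includedir /private/etc/sudoers.d
"""
print(passwordless_rules(SAMPLE))
```

On a Mac the file to review is `/etc/sudoers`; read it with administrator rights and pass its text to `passwordless_rules()`.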

“In many cases, especially with botnets, the malware might not initially exhibit malicious behavior, but can become active at any time as the command and control servers are updated,” notes SecureMac in the updated bulletin.

You can read the information provided by SecureMac by clicking here, and you can also keep an eye on the SecureMac bulletin page where future updates on this virus will be posted. If you believe your Mac is infected with this virus, you can try running the removal tool found on the bulletin page or by clicking here to directly download the tool.

For more information about the virus stay tuned to Mac|Life.


Follow this article’s author, Cory Bohon on Twitter.