
SecureMac Releases New Information About Boonana Trojan Virus

We told you about the Boonana Trojan Mac virus that was discovered by SecureMac just yesterday. SecureMac has now completed its initial analysis of the virus and has new information about it, as well as a removal tool if you believe your Mac is infected.

According to the company’s security bulletin, “The initial infection vector of the Boonana trojan is through a message on social networking sites similar to “Is this you in this video?” which includes a link to an external site. Upon clicking the link, a Java applet will attempt to load in the user’s web browser. During our testing, the malicious Java applet communicated with a Command & Control server, and presented an installer window at a random time after accessing the malicious site. This installer did not indicate that it had been downloaded from the web which indicates it is avoiding the quarantine flag typically set by programs such as Safari.”

This virus is still listed as a critical security threat because the control servers are still operational. SecureMac notes that this means the servers could be gathering information from infected computers, such as IP addresses, and that the sudoers file could potentially be modified to allow passwordless access to any potentially infected machines. It is thought that this trojan virus could be used for control purposes.

“In many cases, especially with botnets, the malware might not initially exhibit malicious behavior, but can become active at any time as the command and control servers are updated,” notes SecureMac in the updated bulletin.

You can read the security bulletin provided by SecureMac by clicking here, and you can also keep an eye on the SecureMac bulletin page, where future updates on this virus will be posted. If you believe your Mac is infected with this virus, you can try running the removal tool found on the bulletin page or by clicking here to directly download the tool.
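SecureMac's note above mentions possible modification of the sudoers file to allow passwordless access. One way to review a sudoers file for rules that skip the password prompt, as an added example that is not from SecureMac or the original post: the sample file contents and the `expected` allowlist are constructed assumptions, and the script lists passwordless rules for review rather than detecting Boonana itself.

```python
import re

# Constructed sample for illustration; not taken from an infected machine.
SAMPLE_SUDOERS = r"""
# User privilege specification
root    ALL=(ALL) ALL
%admin  ALL=(ALL) ALL
Defaults env_reset
Defaults:deploy !authenticate
deploy  ALL=(ALL) NOPASSWD: /usr/bin/rsync, \
        /usr/bin/true
alice   ALL=(ALL) NOPASSWD: ALL   # added by installer?
#includedir /private/etc/sudoers.d
"""

def logical_lines(text):
    """Yield sudoers lines with continuations joined and comments removed."""
    for line in re.sub(r"\\\r?\n", " ", text).splitlines():
        line = line.strip()
        if re.match(r"[#@]include(dir)?\s", line):
            yield line                      # include directive, not a comment
            continue
        line = re.sub(r"#(?!\d).*", "", line).strip()  # '#123' is a uid, keep it
        if line:
            yield line

def audit_sudoers(text, expected=()):
    """Return (kind, subject, line) findings for rules that skip the password prompt.

    `expected` is a hypothetical allowlist of users/groups that are known to
    have legitimate NOPASSWD rules on this machine.
    """
    findings = []
    for line in logical_lines(text):
        subject = line.split()[0]
        if re.match(r"[#@]include", line):
            # Included files and directories need the same review.
            findings.append(("include", line.split()[1], line))
        elif subject.startswith("Defaults"):
            if re.search(r"!\s*authenticate\b", line):
                findings.append(("no-authenticate", subject, line))
        elif re.search(r"\bNOPASSWD\s*:", line) and subject not in expected:
            findings.append(("nopasswd", subject, line))
    return findings

if __name__ == "__main__":
    for kind, subject, line in audit_sudoers(SAMPLE_SUDOERS, expected={"deploy"}):
        print(f"{kind:16} {subject:16} {line}")
```

Run it over the text of the machine's sudoers file and of every file under each reported include path, then compare the findings against what was configured on purpose.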

For more information about the virus stay tuned to Mac|Life.


Follow this article’s author, Cory Bohon, on Twitter.




Safari 5.0 AutoFill Feature Could Leave Your Information Vulnerable


Security researcher Jeremiah Grossman discovered a security vulnerability that could give any website the ability to steal user information from Safari’s AutoFill feature that grabs user information from Address Book on the Mac. Apple countered Grossman by releasing Safari 5.0.1 that supposedly corrected the issue, but Grossman has found another potentially dangerous way to grab user information from Apple’s flagship web browser.

To get the user information, Grossman set up a “game” whereby the user needed to type a “U” to jump. When the user typed the U, the text was placed in the country field, telling Safari to go ahead and automatically fill out the entire form with personal user information, including first name, last name, city, state, email, phone, street, country, and the zip (or postal) code.

“To perform our attack requires a tiny bit of end-user trickery. Two button presses to be precise. A malicious website detects (ie: IP address) the country the victim is from. For our purposes here we’ll assume the “US.” The attacker invisibly (CSS transparency) sets up the aforementioned form and forces the keystroke focus into the country element. Notice how this is done in the video on the right side of the screen, which is only visible for demonstration purposes. Next the attacker entices the victim to type “U” (first character of “US”) and then press “TAB.” And BAM! That’s it! Data stolen,” says Grossman on his blog.

Grossman also posted a video showing the exploit in progress, which you can find on his post.

Apple has yet to address this potential exploit, but as with any vulnerability like this, you can always combat the problem by turning off the affected feature. By disabling the AutoFill feature in Safari, you are essentially killing this hack. You can disable AutoFill by navigating to Safari > Preferences > AutoFill and unchecking the box labeled “Using info from my Address Book card.”

via MacRumors


Follow this article’s author, Cory Bohon, on Twitter.