All posts in Trojan

SecureMac Releases New Information About Boonana Trojan Virus

We told you about the Boonana Trojan Mac virus that was discovered by SecureMac just yesterday. SecureMac has now completed its initial analysis of the virus and has new information about it, as well as a removal tool if you believe your Mac is infected.

According to the company’s security bulletin, “The initial infection vector of the Boonana trojan is through a message on social networking sites similar to “Is this you in this video?” which includes a link to an external site. Upon clicking the link, a java applet will attempt to load in the user’s web browser. During our testing, the malicious Java applet communicated with a Command & Control server, and presented an installer window at a random time after accessing the malicious site. This installer did not indicate that it had been downloaded from the web which indicates it is avoiding the quarantine flag typically set by programs such as Safari.”

This virus is still listed as a critical security threat because the control servers are still operational. SecureMac notes that this means the servers could be gathering information from infected computers, such as IP addresses, and that the sudoers file could potentially be modified to allow passwordless access to any potentially infected machines. It is thought that this trojan virus could be used for control purposes.
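A sudoers change of the kind described above can be checked for directly. The following Python sketch is an added example, not SecureMac's removal tool or code from its bulletin; it lists sudoers rules that carry the `NOPASSWD` tag, assuming that is the form the passwordless access takes (the page does not say), and the sample file contents are constructed.

```python
import re
import sys

# Constructed sample, not taken from an infected machine or the bulletin.
SAMPLE_SUDOERS = """\
# sudoers file (constructed sample)
Defaults env_reset
root    ALL=(ALL) ALL
%admin  ALL=(ALL) ALL
alice   ALL=(ALL) NOPASSWD: /usr/sbin/softwareupdate
%staff  ALL=(ALL) \\
        NOPASSWD: ALL
#includedir /private/etc/sudoers.d
"""

def logical_lines(text):
    """Yield (first_line_no, rule) with continuations joined, comments removed."""
    buf, start = "", None
    for n, raw in enumerate(text.splitlines(), 1):
        if start is None:
            start = n
        if raw.rstrip().endswith("\\"):
            buf += raw.rstrip()[:-1] + " "
            continue
        line, first = buf + raw, start
        buf, start = "", None
        # '#include...' is a directive and '#<digits>' is a uid, not a comment.
        line = re.sub(r"#(?!include|\d).*", "", line).strip()
        if line:
            yield first, line

def find_nopasswd(text):
    """Return (line_no, who, unrestricted) for every rule tagged NOPASSWD."""
    hits = []
    for line_no, rule in logical_lines(text):
        parts = re.split(r"\bNOPASSWD\s*:", rule, maxsplit=1)
        if len(parts) < 2 or rule.startswith(("Defaults", "#include")):
            continue
        commands = [c.strip() for c in parts[1].split(",")]
        hits.append((line_no, rule.split()[0], "ALL" in commands))
    return hits

if __name__ == "__main__":
    # Pass sudoers paths as arguments (reading them needs root);
    # with no arguments the constructed sample is scanned instead.
    texts = [open(p).read() for p in sys.argv[1:]] or [SAMPLE_SUDOERS]
    for text in texts:
        for line_no, who, unrestricted in find_nopasswd(text):
            scope = "ALL commands" if unrestricted else "listed commands only"
            print(f"line {line_no}: {who} may run {scope} without a password")
```

A rule that grants ALL commands without a password to a broad group is the one to investigate first; a narrowly scoped entry may be legitimate administration.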

“In many cases, especially with botnets, the malware might not initially exhibit malicious behavior, but can become active at any time as the command and control servers are updated,” notes SecureMac in the updated bulletin.

You can read the bulletin provided by SecureMac by clicking here, and you can also keep an eye on the SecureMac bulletin page, where future updates on this virus will be posted. If you believe your Mac is infected with this virus, you can try running the removal tool found on the bulletin page or by clicking here to directly download the tool.

For more information about the virus, stay tuned to Mac|Life.

Follow this article’s author, Cory Bohon, on Twitter.

Security Alert: New Trojan Horse on Mac OS X Spread Through Social Networks

It’s not often that you hear of a virus for the Mac, but according to a SecureMac security bulletin, a new trojan virus has been detected on the Mac. The bulletin notes that the virus is spread through social networking websites like Facebook and is disguised as a video.

The trojan, called “trojan.osx.boonana.a”, has been wreaking havoc on both Windows and Mac platforms.

SecureMac says, “When a user clicks the infected link, the trojan initially runs as a Java applet, which downloads other files to the computer, including an installer, which launches automatically. When run, the installer modifies system files to bypass the need for passwords, allowing outside access to all files on the system. Additionally, the trojan sets itself to run invisibly in the background at startup, and periodically checks in with command and control servers to report information on the infected system. While running, the trojan horse hijacks user accounts to spread itself further via spam messages. Users have reported the trojan is spreading through e-mail as well as social media sites.”

This is a cross-platform virus because its Java code can be executed on both Windows and Mac operating systems. SecureMac gives us some tips for protecting your computer from this virus. The first tip is to turn off Java execution in your web browser. You can do this in Safari by navigating to Safari > Preferences > Security tab and unchecking the “Enable Java” checkbox.

Additional tips from SecureMac include:

1. Watch where you surf. By sticking with safe, well-known websites, you will be less likely to visit a site that will attempt to infect you with a trojan horse. Be especially careful when surfing to links included in messages on social media sites, even if they come from a friend.
2. Watch what you download. Download files only from trusted sources and safe sites.
3. Use security features in OS X. Turn on the built-in Firewall, and consider security software, especially when a computer is shared by multiple users.

If you believe your Mac is infected with this virus, you can download and run the free removal tool from MacScan on the SecureMac website. You can also read more about this virus on that website.

Follow this article’s author, Cory Bohon, on Twitter.