Security Firm Identifies Cross Platform Trojan Horse

Security firm SecureMac has identified a new cross platform trojan horse that targets Mac users and works on Mac OS X systems. The company has dubbed the trojan horse malware package “trojan.osx.boonana.a,” and said it is spreading via social network services such as Facebook disguised as a video with the subject, “Is this you in this video?”

A trojan horse is a term used to describe software (as in maliciously crafted software, or malware) that is disguised as something benign. It requires user interaction to install itself, which almost always means that a Mac user has to give the malware permission to install itself, including entering their password.

Mac Security

Boonana, however, is a java applet disguised as a video, and the installer for the malware launches when users click the video link. That installer, assuming the user gives it permission and a password, then installs system files that SecureMac says bypasses the need for future password. Those files also give the bad guys full access to your Mac, and report to various servers on the Internet.

The software also then seeks to spread itself through e-mail messages and social networking services, in your name.

While first publicly identified by SecureMac, which has updated its antivirus software for the Mac called MacScan to combat the trojan horse, competitor Intego has issued its own statement about Boonana. According to Intego, Boonana is a Mac-compatible version of an older worm called Koobface.

The firm also specified that Boonana, “propagates as a worm, is installed via a Trojan Horse, and installs a rootkit, backdoor, command and control, and other elements.” That’s for the antiviral pedants out there who take exception to the term “trojan horse.”

Intego characterized the risk represented by Boonana as “Low,” calling it a “flawed” implementation. SecureMac rated it as a “Critical” risk.