Boonana Trojan Horse Analysis and Removal Tool


Las Vegas, Nevada - On October 26th, 2010, SecureMac broke the news of the Boonana Trojan Horse (trojan.osx.boonana.a), a piece of cross-platform malware that is spreading via social networking sites and affects Mac OS X.

Today, October 28th, 2010, the team at SecureMac has released an initial analysis of the Boonana Trojan Horse and has created a free removal tool as well as administrative instructions for manually removing the malware from affected machines. All of the information, including the analysis of the malware, is available at the Boonana Trojan Horse security bulletin page.

The initial infection vector of the Boonana trojan is a message on social networking sites similar to "Is this you in this video?" which includes a link to an external site. When the user clicks the link, a Java applet will attempt to load in the user's web browser.

During our testing, the malicious Java applet communicated with a Command & Control server, and presented an installer window at a random time after accessing the malicious site. This installer did not indicate that it had been downloaded from the web, which indicates it is avoiding the quarantine flag typically set by programs such as Safari ...

Threat level discussed:
Because the Command and Control servers for the malware are still active, because information such as IP addresses is being gathered (most likely for control purposes), and because the sudoers file is modified to allow passwordless access, we maintain a threat level rating of critical for trojan.osx.boonana.a. In many cases, especially with botnets, the malware might not initially exhibit malicious behavior, but can become active at any time as the command and control servers are updated. Detailed procedures and instructions are also listed in the report.

Since 1999, SecureMac has been at the forefront of Macintosh system security. The site not only features complete Macintosh Anti-Spyware and Antivirus solutions, but also operates as a clearinghouse for news, reviews and discussion of Apple computer security issues. Users from novice to the most advanced will find useful information at SecureMac that is designed to make their computer experience trouble free. Copyright (C) 2010 SecureMac. All Rights Reserved. Apple, the Apple logo and Macintosh are registered trademarks of Apple Inc. in the U.S. and/or other countries.

