Koobface worm targets Mac users on Facebook, Twitter
Malicious Java applet shows that Apple's smart to dump Oracle's technology, says researcher
Computerworld - A new variant of the Koobface worm that targets Mac OS X and Linux as well as Windows is spreading through Facebook, MySpace and Twitter, security researchers warned today.
Antivirus firms first reported the malware, dubbed "Boonana," on Wednesday when Intego and SecureMac, two Mac-only security vendors, warned Mac OS X users that the worm was aimed at them.
Boonana spreads via messages posted to social networking or microblogging sites. Those messages bait the trap with the subject "Is this you in the video?" and a link to a malicious site. People who bite and click the link are then prompted to run a Java applet.
That applet is key to the malware's cross-platform capabilities, said Symantec in a note posted to its research blog.
"The [malware] is written in Java, which is a platform independent language," said Symantec researcher Jeet Morparia. "Individual modules contain Java compiled files, which are packaged in a Java runtime executable. As long as a computer has the Java Runtime Environment (JRE) installed on it, which is often the case across all the platforms, the threat can execute itself."
Intego and Symantec noted that the worm includes several components, including an IRC connector used by the hacker to issue commands to hijacked computers, a keylogger to steal usernames and passwords, and a rootkit to hide it from security software.
Functionally, Boonana works the same as the better-known Koobface Windows worm. Koobface has been actively infecting Windows PCs for more than two years, although virulent forms used in large-scale attacks didn't appear until early 2009.
Koobface, an anagram of Facebook, is best-known for infecting PCs through spammed messages on the giant social networking service.
According to Symantec, Boonana includes a component that reads browser cookies of users logged into Facebook, then posts additional bogus messages and links on the site using those Facebook accounts.
A Facebook spokesman downplayed the threat, saying in an e-mail reply to a request for comment that it was a "small-scale attack." As is its practice, Facebook has blocked access to accounts compromised by Boonana in an attempt to quell the malware outbreak.
Marc Fossi, the director of Symantec's security response team, echoed Facebook, saying that his group had tracked a number of infection attempts, but that the number was "not in epidemic proportions."
The important element in Boonana, Fossi continued, is its cross-platform infection ability, courtesy of Java, which is installed on many Windows, Mac and Linux machines. Such threats are rare, he added, as he cited the one example he was familiar with. "I recall [just] one piece of malcode from a few years back that affected Windows and OS X, but I believe it was proof of concept and didn't really go anywhere," he said.
- Radicati: Cloud Business Email - Market Quadrant 2013 Google was named the top cloud business email provider in a recent report by research firm Radicati. Out of 14 key players, Google...
- Tablets in the Enterprise: A Checklist for Successful Deployment How can you enterprise manage and secure tablets in order to protect corporate data while providing access to the information and applications employees...
- Enterprise Mobility: A Checklist for Secure Containerization The advantages and disadvantages of the multiple approaches to containerization. Learn More>>
- Enterprise File Sync & Share Checklist File sync and share has changed the way people work and collaborate in today's tech-savvy world. Gone are the email roadblocks, clunky FTP...
- Live Webcast LIVE EVENT: 5/7, The End of Data Protection As We Know It. Introducing a Next Generation Data Protection Architecture. Traditional backup is going away, but where does this leave end-users?
- LIVE EVENT: 5/7, The End of Data Protection As We Know It. Introducing a Next Generation Data Protection Architecture. Traditional backup is going away, but where does this leave end-users?
- On-demand webinar: "Mobility Mayhem: Balancing BYOD with Enterprise Security" Check out this on-demand webinar to hear Sophos senior security expert John Shier deep dive into how BYOD impacts your enterprise security strategy... All Security White Papers | Webcasts