Koobface for Mac OS X squirming on Facebook

Security researchers have found the first version of the Koobface malware targeting Mac OS X users on Facebook, MySpace and Twitter.

"This threat is a Mac OS X version of the Koobface worm, which is served as part of a multi-platform attack via a malicious Java applet," according to an alert from Intego.

This new Koobface variant, currently spreading via links in messages on social networking sites, uses malicious web sites to attempt to trick Mac OS X users into viewing a video file.

According to Intego, these sites attempt to load a Java applet. There is no automatic infection because users are alerted via the standard Mac OS X Java security alert.

Users can deny or allow the applet access to their computers. If they click Deny, the applet will not run, and no infection will occur. If they click Allow, however, the applet will run, and will attempt to download files from one or more remote servers.

If the user is tricked into running the Java applet, malicious files are downloaded into an invisible folder (.jnana) in the current user’s home folder.

These files include elements designed to infect Mac OS X, Windows and Linux. The Java applet should also download an installer that will then launch and attempt to install the malware. While Intego has evidence of several infections in the wild, we are not currently able to go beyond this step, as either the malicious malware has bugs preventing it from running correctly, or the servers it contacts are not active or are not serving the correct files.
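
A triage check for the drop folder described above, added here as an example (it is not from Intego or the original article): it looks for `.jnana` in every home directory under a root and lists each file inside with its SHA-256 and size. The `/Users` default root and the function names `hash_file` and `scan_jnana` are assumptions.

```shell
#!/bin/sh
# Added example: look for the hidden ".jnana" folder named in the article.
# Assumption: user home directories live directly under ROOT (default /Users).

# Print the SHA-256 of one file with whichever tool is installed
# (shasum ships with macOS, sha256sum with most Linux systems).
hash_file() {
    if command -v shasum >/dev/null 2>&1; then
        shasum -a 256 "$1" | awk '{print $1}'
    elif command -v sha256sum >/dev/null 2>&1; then
        sha256sum "$1" | awk '{print $1}'
    else
        echo "no-hash-tool"
    fi
}

# scan_jnana [ROOT]
# Output, tab-separated:
#   FOUND <folder>
#   FILE  <sha256> <size-bytes> <path>
# Returns 0 if at least one .jnana folder exists, 1 if none was found.
scan_jnana() {
    root=${1:-/Users}
    found=1
    for home in "$root"/*/; do
        dir="${home}.jnana"
        if [ -d "$dir" ]; then
            found=0
            printf 'FOUND\t%s\n' "$dir"
            # Record every regular file so it can be hashed and preserved
            # before any cleanup is attempted.
            find "$dir" -type f 2>/dev/null | while IFS= read -r f; do
                size=$(wc -c < "$f" | tr -d ' ')
                printf 'FILE\t%s\t%s\t%s\n' "$(hash_file "$f")" "$size" "$f"
            done
        fi
    done
    return $found
}
```

Run `scan_jnana /Users` with enough privilege to read other users' home folders; the exit status makes it usable from a fleet-management script.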

The company said the malware is capable of operating exactly like the Koobface worm running on Windows. "It runs a local web server and an IRC server, acts as part of a botnet, acts as a DNS changer, and can activate a number of other functions, either through files initially installed or other files downloaded subsequently," Intego said.

The company rates the threat as "low" because the current Mac OS X implementation is flawed, but warned Mac OS X users that the malicious hackers behind Koobface are now tinkering with a Mac version to expand the base of victims.

About

Ryan Naraine is a journalist and social media enthusiast specializing in Internet and computer security issues. He is currently security evangelist at Kaspersky Lab, an anti-malware company with operations around the globe. He is taking a leadership role in developing the company's online community initiative around secure content managem...