Koobface for Mac OS X squirming on Facebook

Security researchers have found the first version of the Koobface malware targeting Mac OS X users on Facebook, MySpace and Twitter.
"This threat is a Mac OS X version of the Koobface worm, which is served as part of a multi-platform attack via a malicious Java applet," according to an alert from Intego.
This new Koobface variant, currently spreading via links in messages on social networking sites, uses malicious web sites to attempt to trick Mac OS X users into viewing a video file.
According to Intego, these sites attempt to load a Java applet. There is no automatic infection because users are alerted via the standard Mac OS X Java security alert.
Users can deny or allow the applet access to their computers. If they click Deny, the applet will not run, and no infection will occur. If they click Allow, however, the applet will run, and will attempt to download files from one or more remote servers.
If the user is tricked into running the Java applet, malicious files are downloaded into an invisible folder (.jnana) in the current user’s home folder.
These files include elements designed to infect Mac OS X, Windows and Linux. The Java applet should also download an installer that will then launch and attempt to install the malware. While Intego has evidence of several infections in the wild, we are not currently able to go beyond this step, as either the malicious malware has bugs preventing it from running correctly, or the servers it contacts are not active or are not serving the correct files.
The company said the malware is capable of operating exactly like the Koobface worm running on Windows. "It runs a local web server and an IRC server, acts as part of a botnet, acts as a DNS changer, and can activate a number of other functions, either through files initially installed or other files downloaded subsequently," Intego said.
The company rates the threat as "low" because the current Mac OS X implementation is flawed, but warned Mac OS X users that the malicious hackers behind Koobface are now tinkering with a Mac version to expand the base of victims.
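A quick check for the drop folder described above, as an added example (not from Intego or the original article): it looks for a hidden `.jnana` folder in each home directory under a given root and reports how many files it holds. The function name `scan_jnana` and the default root `/Users` are assumptions of this sketch; pass `/home` on Linux.

```shell
#!/bin/sh
# Added example: look for the hidden ".jnana" folder named in the Intego alert.
# The function name and the default root (/Users) are assumptions of this sketch.

# scan_jnana ROOT
#   Prints one line per hit: "<home directory><TAB><number of files in .jnana>"
#   Returns 0 if at least one home directory contains the folder, 1 otherwise.
scan_jnana() {
    root=${1:-/Users}
    found=1
    for home in "$root"/*; do
        # Skip plain files and the unexpanded glob when ROOT is empty or missing.
        [ -d "$home" ] || continue
        drop="$home/.jnana"
        if [ -d "$drop" ]; then
            # Count regular files only; tr strips the padding BSD wc adds.
            count=$(find "$drop" -type f 2>/dev/null | wc -l | tr -d ' ')
            printf '%s\t%s\n' "$home" "$count"
            found=0
        fi
    done
    return $found
}

# Run only when a root is given on the command line, e.g.:
#   sudo sh scan_jnana.sh /Users
if [ "$#" -gt 0 ]; then
    scan_jnana "$1" || echo "no .jnana folder found under $1"
fi
```

Run it with enough privileges to read other users' home directories; a hit only shows that the applet was allowed to download files, not that the installer ran.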
Talkback
RE: Koobface for Mac OS X squirming on Facebook
But Mac users don't run AV so
RE: Koobface for Mac OS X squirming on Facebook
We don't, that's news to me. My Virus Barrier keeps bugging me to update. But how could that be "Mac users don't run AV"?
My Fault. I should have said
You're actually the first person here that I've noticed that actually said they run it on their Mac.
(My niece actually told me her college professor told her to get a Mac because they're not capable of being infected, so with advice like that...)
It's there hiding on my MAC - really?
FTA "[i]There is no automatic infection because users are alerted via the standard Mac OS X Java security alert.[/i]"
Oh I guess you think everyone is stupid enough to bypass security and run everything a Web site tries to invoke.
Get a life John...
@jacarter3: Why shouldn't he?
You do realize, don't you, that nearly 100% of all web infections on Windows happen to people who do [b]exactly[/b] what you described above? So while not [b]everyone[/b] is that stupid, the evidence does support the conclusion that many, many, many people truly are stupid enough to ignore the warnings that an OS presents to its users and [b]will[/b] download and run malware on their computers.
RE: Koobface for Mac OS X squirming on Facebook
Of course I'll be alerted, because Java apps run in a sandbox, and have to explicitly ask permission to access my Mac.
Take a look at this: http://blog.intego.com/wp-content/uploads/2010/10/koobface1.jpg
When I see the message asking me if I want to run some Java applet with a signature that can't be verified, I click Deny.
No anti-malware software needed.
Cue the double standards and the arrogant egos...
[i]Oh I guess you think everyone is stupid enough to bypass security and run everything a Web site tries to invoke.[/i]
Oh, I see, so when it's Windows UAC asking to allow or cancel, everyone is stupid enough to bypass security; but when it's Apple's controls, because they are Mac users, they are inherently smarter?
Doubt it...remember, the majority of people who purchase Apple are because they 1) bought into marketing hype, or 2) bought because their peers have an Apple product (and I'm talking computer, phone, mp3 player)...they didn't buy out of need or necessity. (yes, I will admit that in some industries/functions, Macs are the better choice. But it has [i][b]nothing[/i][/b] to do with security)
Stay tuned, more of this sort will show up...just like Charlie Miller said (who knows a thing or two about Macs), as soon as it starts to pay off to hack Macs, people will.
RE: Koobface for Mac OS X squirming on Facebook
You click "Deny" (wait, Mac has what basically amounts to UAC? Really? {/sarcasm}), but the majority of computer users, be they Windows or Mac, WON'T click Deny.
Do not apply your technical ability and knowledge to the average user, it just doesn't work, especially for "Macs are completely safe" users who don't know better.
My life is more informed, jacarter3
The Standard Alert doesn't distinguish between a trojan and some applet designed to run and play silly music for a clip or something, unlike AV software that says will let you know.
RE: Koobface for Mac OS X squirming on Facebook
"The United States has the dubious honor of being the country with the most botnet infections. Microsoft identified 2.2 million computers compromised by botnet malware in the U.S. during the second quarter of the year, four times more than Brazil, where 550,000 botnet infections were identified."
http://www.informationweek.com/news/security/vulnerabilities/showArticle.jhtml?articleID=227800051
Care to explain this? Microsoft is the OS company of choice for botnets...so tell me why you're here bashing MacOS?
Thank you, numbnut, for once again applying the iPhone ideology...
ya know, the "if we point our finger at someone else, it negates the flaw with our own product" defense
RE: Koobface for Mac OS X squirming on Facebook
Actually, if you read above you will see that even without antivirus you have to explicitly give it permission to run.
I don't know, cyberslummer2, why are you
My take is you have no right to comment on much of anything, except maybe the color of your basement "bedroom".
Wait up there Johnny boy...
Still laughing and you may flame on and on and on...
You're forgetting some important points
Yet there are 20 Vulnerabilities MS has not fixed
Why? Please explain that Loverock.
MS 20 Vulnerabilities that have not been patched:
http://www.zerodayinitiative.com/advisories/upcoming/
ZDI-CAN-533, 2009-07-23 (461 days ago)
ZDI-CAN-543, 2009-08-06 (447 days ago)
ZDI-CAN-598, 2009-10-27 (365 days ago)
ZDI-CAN-672, 2010-02-02 (267 days ago)
ZDI-CAN-706, 2010-03-12 (229 days ago)
ZDI-CAN-767, 2010-04-06 (204 days ago)
Hooay!
And in Linux, so what's your point? Hooay!
John Zern, Mocks the United States Army Battle Cry
Riding with Penguins in a World of Glass and Fruit, Freedom.
Hooay!
As do you