Experts warn of 'Boonana' Trojan threat to Macs
Summary: A new Trojan horse malware that affects Mac OS X has been uncovered by Macintosh Security site SecureMac.
A new Trojan horse malware that affects Mac OS X has been uncovered by Macintosh Security site SecureMac.
The Trojan is called 'trojan.osx.boonana.a' and is being disguised as a video and distributed through social-networking sites such as Facebook. It appears on people's Facebook pages and may contain the text "Is this you in this video?" in the link. When the link is clicked, the Trojan runs a Java applet that downloads other files to the computer and automatically opens an installer.
The Trojan will then run in the background and appears to report system information to servers on the internet, leading to a potential breach of personal information. The Trojan also attempts to spread itself by sending spam email messages from the user's account.
For more on this story, read Critical security risk posed by new 'Boonana' Trojan horse for OS X on CNET News.
Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.
Talkback
RE: Experts warn of 'Boonana' Trojan threat to Macs
RE: Experts warn of 'Boonana' Trojan threat to Macs
You are absolutely correct! Too bad the Apply Company won't make its users aware! I guess it's because as some young kid stated here, "It would not be socialably accepted."
RE: Experts warn of 'Boonana' Trojan threat to Macs
OMG You are both so clever to spin this against reality.
RE: Experts warn of 'Boonana' Trojan threat to Macs
Disable Java
secureMac: http://www.securemac.com/boonana-bulletin.php
The java component of the trojan horse is cross-platform, and includes other files that affect Mac OS X as well as Microsoft Windows.
Users can protect themselves from infection by turning off Java in their web browser. This can be accomplished in Safari by clicking the Security tab under Safari Preferences, and making sure the "Enable Java" checkbox is unchecked.
Hooay!
Are you sure you want to open this web page?
Cancel or Allow?
Wow, OS X sounds annoying as h3ll!!!!
RE: Experts warn of 'Boonana' Trojan threat to Macs
No, "Cancel or Allow" isn't a Mac thing. You must be thinking of Vista.
It doesn't take much common sense to realize that if something is trying to install itself that you didn't initiate, it's a scam of some sort.
Huh, guess I won't be switching to OS X
RE: Experts warn of 'Boonana' Trojan threat to Macs
Its no different than saying Windows is too dangerous.
http://www.zerodayinitiative.com/advisories/upcoming/
Hooay!
But people DO say Windows is too dangerous
So I agree, it is no different. OS X is too dangerous as well so there is no reason to jump from the frying pan and into the fire.
RE: Experts warn of 'Boonana' Trojan threat to Macs
As for Java, just say NO.
RE: Experts warn of 'Boonana' Trojan threat to Macs
http://reviews.cnet.com/8301-13727_7-20020892-263.html
The link there takes you to cnet, which states:
"As with most Trojans, this will require you to enter your password to install the software and make modifications to the system, so be sure you never supply your password unless you specifically open an installer file and know and trust where that installer came from."
Another non-issue unless the user is a complete fool.
RE: Experts warn of 'Boonana' Trojan threat to Macs
Hear the macboys tell it when it involves Windows users, there are tons of complete fool out there. I don't know???
RE: Experts warn of 'Boonana' Trojan threat to Macs
I would assume buying a Mac selected for these traits ;-)
RE: Experts warn of 'Boonana' Trojan threat to Macs
First AntennaGate, then GlassGate and.....
RE: Experts warn of 'Boonana' Trojan threat to Macs
2. It makes it sound like it just does it with no questions asked. You are asked by the Mac OS to click before it is allowed to go any farther. The big problem with that is too many people will fall for the social engineering and click. If you don't even want to see the thing to click on in the first place, see the next point.
3. It is Java. Since Java is an interpreted language if Boonana was coded properly and ran correctly it should work not just on OS-X but on Windows and Linux as well. So either turn Java off in your browser or uninstall Java completely if you know you don't need it. WARNING: Many work apps use Java. In that case option one is to dedicate one type of browser, say IE to do the work apps. Then use another browser (Chrome, Opera, Safari, Firefox, et al) with Java disabled for everything else. Another alternative is to use Firefox with NoScript installed. Usually most Java work apps will work only with IE so this is usually not a good option. Hint: my avocation is to produce filters that filter out bad stuff on the Internet. On the machine / OS combinations dedicated for the purpose of creating said filters Java is not on them. Flash, is on my systems (to detect false antivirus scans) but every time there is a new exploit for flash the link for flash in the plugin folder gets removed until the problem is fixed. Get the picture?