Security alert: New Trojan Horse apps said to attack the Mac
Some security mavens have long theorized that as the Mac becomes more popular, we'd start to see malware targeting the platform. Sure enough, this morning's crop of email blasts from PR firms included a few notices of trojans that are affecting Mac users.
First, from SecureMac, comes word of trojan.osx.boonana.a, which comes disguised as a link on social networking sites asking "Is this you in this video?" Clicking the link downloads and runs a Java applet that then installs further applications to modify system files and open the system to password-free access. The other malicious apps report back to command and control servers, as well as hijack user accounts to spread the trojan through email spam.
The SecureMac press release notes that the "Java component of the trojan horse is cross-platform," but it's not clear from their statement that the other components are capable of running under Mac OS X.
Next, Intego reported that a similar Java trojan known as Koobface.A is also being spread through social networking systems such as Facebook and Twitter.
Intego reports that these trojans will give you fair warning, as the standard Mac OS X Java security alert (see below) will be displayed. If you're not expecting a Java applet to be running on your machine, click the Deny button and the applet will not run. If you want more information about what's happening, click the Show Details button, and you'll see that content with an untrusted root certificate wants to run on your computer. Clicking Deny will protect your machine from a possible malware infection. Allowing the Java applet to run will launch an installer that will be displayed on your machine. If you haven't launched an installer deliberately, then quit it immediately.

While it's unknown just how widespread or dangerous these trojans are to Mac OS X machines, we recommend that our readers pay attention to what's happening on their Macs and use common sense when using social networking sites.
Keep in mind that it's not only malicious apps that you need to be wary of, but also malicious users sitting near you in the coffee shop. See our rundown on ways to protect yourself from Firesheep and cookie harvesting.
Source: http://www.tuaw.com/tag/security
Sorry, I didn't notice this TUAW article until today. Too bad I didn't catch this earlier or I could have been more helpful.
First, the major thing that needs to be corrected is in the headline: "Trojan Horse apps" plural is incorrect. SecureMac and Intego were writing about the same Trojan, but they called it different names. This is extremely common in the antivirus/anti-malware industry. Most companies have their own naming conventions. Only a handful will use someone else's name.
Second, one commenter posted instructions for disabling Java in Chrome. I wrote instructions on how to disable Java in Safari, Firefox, Chrome, Opera, and Camino here:
http://security.thejoshmeister.com/2010/10/koobface-malware-for-mac-and-how-to.html
To answer Warren's question, the Java applet is cross-platform, and it tries to download a number of files from a number of servers. Each file is targeted specifically at either Mac OS X, Windows, or Linux. You can see lists of some of the files in Intego's follow-up article and on Symantec's site:
http://blog.intego.com/2010/10/29/more-information-about-the-koobface-trojan-horse-for-mac/
http://www.symantec.com/business/security_response/writeup.jsp?docid=2010-102616-4246-99&tabid=2
If these crapplets are cross-platform, how are they explicitly aimed at OSX? Or did I read too much into the title of this article?
October 27 2010 at 4:43 PM
Mac or PC users... it doesn't matter. I work IT and I see that people click on these links without thinking every day. I need a giant poster that says, "STOP. THINK. Then CLICK."
*sigh*
Hmmm... and Apple recently deprecated Java for OSX? Seems to be a touch of the foresight from One Infinite Loop!
October 27 2010 at 3:17 PM
Or maybe the reason we haven't had many reports this month of Steve replying to emails is because he's been too busy writing Java malware :-)
October 27 2010 at 4:19 PM
For those who haven't done this already, if you want to disable Java in Chrome:
Click the wrench, then Under The Hood, then the Content Settings button. When that comes up, click on Plug-ins and then Disable Individual Plug-ins. You can choose to turn off Java (or any other basic plug-ins) there.
Wow. I just had this try to get me on Facebook this morning. I clicked on the link and was presented with a "facebook login" page, but I noticed it was NOT on the facebook domain. Only when I looked at the root of that domain was I warned about the applet. In both cases I knew to NOT give permission nor my password to something nefarious like that (but then, I pay attention to more than the page content).
October 27 2010 at 2:39 PM
If you still fall for the "Is this you in this video?", you deserve to have your computer infected.
October 27 2010 at 2:08 PM
As the above commenters said, it's not much of a Trojan if it asks for permissions explicitly. Plus, why not just disable Java in Safari or whatever browser you use? It doesn't do anything on the web nowadays anyway...
October 27 2010 at 2:04 PM
Facebook - are these apps? On people's pages?
October 27 2010 at 2:02 PM
hi guys-
Symantec has a writeup here:
http://www.symantec.com/business/security_response/writeup.jsp?docid=2010-102616-4246-99
No mention of Mac OS X?
October 27 2010 at 7:48 PM