Mac OS X Java Trojan Horse: OSX/Koobface.A
Antivirus companies have discovered a new Java trojan horse, labeled OSX/Koobface.A (a.k.a. Boonana), which spreads via social networks including Facebook, MySpace and Twitter. The Java applet masquerades as a video or photo gallery plugin, and requests access to the user’s computer.
If Allow is clicked, the applet will attempt to obtain additional files from remote servers and join the computer to the Koobface botnet. Koobface is also known to try to steal credit card and other personal information from the user’s system.
I’d like to stress that this is pretty much a non-event, and this kind of malware poses a low level of risk (hence the peaceful-looking blue triangle). It’s pretty clear that you shouldn’t allow websites, plugins and applets that you don’t trust to access your computer. Just click Deny and that’s the end of it in this case. Snow Leopard does have some built-in anti-malware functionality, although I don’t know if or when it may be updated to detect Koobface. Either way, I wouldn’t run out to buy antivirus software just yet.
Note this trojan is not Mac OS X-specific, and also affects Windows and Linux systems.
Intego have a Security Memo with some additional details.
Inform your Friends about their Hacked Accounts
Every so often I receive an email from someone I know; it talks about something completely random, and almost always includes a link at the end. The same thing sometimes happens on MSN and I get a message like this:
(12:02:36 PM) Friend: Hey! My cat had a spastic fit, and then coughed up a hairball! Check it out!
Now, whether that link goes to a malware site or just someplace for you to buy Viagra is not the point. You don’t click on suspicious-looking links… do you?
In some cases they may have simply fallen for a phishing attack, and typed in their credentials where they shouldn’t have. They may even have been hacked due to weak secret questions. More often than not, however – and you see this a lot with Hotmail/MSN users – what’s happened is that they logged into their email or MSN on an infected computer, which recorded their credentials. In either of these scenarios the info is sent back to its HQ, where it starts being used to send out spam/viruses/porn/more porn/younameit.
The best solution is to simply change the password (and secret questions) for the account in question. Be a friend, and tell them that they’ve been 0wned.
[Updated 19/01/2011]