A new version of the Boonana trojan, which infects Windows and Mac OS computers, has been detected in the wild.The new variant, trojan.osx.boonana.b, behaves in a very similar manner to the original malware, and is currently being distributed on multiple sites.
In addition to the website documented by ESET as currently distributing the malware, SecureMac has identified two more websites that are currently hosting the new malware variant.
Says SecureMac, Boonana has certain degree of risk. Currently it’s arriving through a web-link inside messages captioned, “Is this you in this video?” on websites for social networking.
Anybody who clicks the web-link gets the Trojan to first execute itself in the form of a Java applet that pulls down other files from the Net onto his PC. One of these files is an installer that runs without any intervention. And once run it alters system files thereby evading the requirement to enter passwords, while letting the remote attacker gain access and control over the computer.
Moreover, the Trojan remains hidden while doing its malicious tasks like continually transmitting details of the victim’s PC to a remote computer server as also promoting itself via the user’s e-mail account along with the social networks he focuses on.
Besides, Boonana from time-to-time links up with remotely operating command-control servers for informing the details about the contaminated machine. And whilst active, it compromises the accounts of users for self-replication through the means of spam mails.
However, as with the earlier discovered version of the Trojan, users still have the option to block the Java applet from running; when prompted to run the software, a pop-up window will appear with the options to Allow or Deny the software from running.
Security products such as SecureMac’s MacScan and Intego’s VirusBarrier can protect against this variant, and SecureMac is also offering a free removal tool for infected computers. But as always, the best offense is a good defense, so think before you click.