Cross-Platform Attack Installs Trojan on Windows and Mac

October 27th, 2010 08:51 GMT

SecureMac warns of a Java-based drive-by download attack capable of infecting both Windows and Mac OS X operating systems with a trojan.

Security researchers from the Mac-focused anti-malware vendor have spotted the attack on social networking websites, including Facebook, where it spreads via links to fake videos.

The rogue messages read "Is it you in this video?" and direct unsuspecting users to a malicious page that tries to exploit a vulnerability in outdated versions of Java.

Successful exploitation results in a trojan being installed on the visitor's system, regardless of whether it is running Mac OS X or Windows.

"This is a sobering reminder that hackers are turning their efforts toward Mac OS X as Apple's marketshare grows, and users should be vigilant in protecting their computers and taking precautions when surfing the web," said Nicholas Ptacek, a security researcher at SecureMac.

Once installed, the new trojan, dubbed Boonana, allows remote attackers access to all files on the system.

It runs hidden in the background and attempts to contact multiple command and control (C&C) servers in order to receive instructions.

The malware is similar to the notorious Koobface Windows trojan, as it hijacks social networking accounts and uses them to post spam. According to some reports, it can also spread via email.

The intriguing video lure has been used before to spread malware in attacks targeting both Mac and Windows.

This was the case with a Mac trojan called OSX_JAHLAV.D, which was served as a QuickTime Player update to users trying to see rogue online videos.

However, this is the first time a vulnerability in a cross-platform application has been exploited to deliver the malicious payload.

Known as a drive-by download, this type of attack is different, because the infection process does not require interaction and is completely transparent to the user.

Microsoft recently warned that Java is the most targeted platform as far as Web-based exploits are concerned and there are indications that Apple plans to stop bundling it in future versions of Mac OS X.

Users are advised to uninstall Java completely or to at least disable its browser plugin component. In Safari this can be done by going to Preferences > Security and unchecking the "Enable Java" option.