Jan 17, 2011 17:31 GMT  ·  By

Security researchers warn the cross-platform Boonana trojan has several vulnerabilities which allows anyone to discover and abuse computers infected with it.

The trojan first appeared in October last year and comes in the form of a rogue Java applet that contains instructions to infect both Windows and Mac OS X systems.

The affected computers join together in a botnet exhibiting a P2P architecture with a custom communication protocol that is resilient to takedown attempts.

"While the protocol was designed to provide some degree of robustness to the botnet, it has some flaws that allow anyone (provided they have the right know-how) to exploit them for fun and/or profit," warns Harshit Nayyar, a security researchs at Symantec, which detects the threat as Jnanabot.

"At the very least, these flaws can be used to collect information about the infected hosts. At worst, they can be leveraged to create a fully functional parallel botnet or effect the complete takeover of the existing one," he adds.

First, a would-be attacker could identify infected hosts by scanning entire IP blocks and sending specially crafted messages on the communication ports in order to force an error message back from the bots.

Once a potential target is discovered, an information disclosure vulnerability allows the attacker to determine the version of the bot and more importantly, the operating system running on the computer.

Symantec researchers determined that Windows XP was the most affected operating system, accounting for 75% of all infections, while Mac OS X systems represented 16% of the remaining infections.

A second vulnerability in Boonana's P2P protocol can be exploited to upload a file to any location on a target system. By placing a malicious executable in the startup folder, for example, the attacker could install a backdoor and take full control of the computer.

Furthermore, each Boonana bot maintains a list of 100 peers which can be used to identity additional targets. Reading this list from each newly found infected computer allows mapping the entire network.

Users are strongly encouraged to install an up-to-date antivirus program on their computers and scan for Boonana infections, otherwise their systems might be at even greater risk.