Nov 6, 2010 11:29 GMT

A new version of the Boonana trojan, which infects Windows and Mac OS computers alike, has been detected in the wild, suggesting that the malware is being actively developed and improved.

The trojan was discovered last week and functions as a Java applet. It was specifically designed to target Windows and Mac OS X users and gives attackers control over the compromised computers.

Boonana spreads through Facebook, where it uses social engineering to direct users to a fake YouTube page and trick them into running the Java applet.

"As you are on my friends list I thought I would let you know I have decided to end my life. For reasons that will be clear please visit my video on this site. Thanks for being by friend. :(" reads one of the spam messages used.

The trojan has multiple components. The propagation module hijacks Facebook session cookies from the local computer and uses them to send rogue messages from the associated accounts.

The command and control component opens a connection to an IRC channel and allows attackers to perform various actions, such as launching DDoS attacks, taking a screenshot of the compromised computer or downloading and executing remote files.

Meanwhile, the main module connects to a remote server and downloads all of the other components, including an encrypted list of backup domains in case the main one goes down.

According to Graham Cluley, a senior technology consultant at Sophos, there have been several new Boonana variants detected since the trojan first came out, but they don't bring any new functionality.

What they do is obfuscate the code in different ways in order to avoid detection. However, Mr. Cluley notes that the free Sophos Anti-Virus for Mac Home Edition is capable of blocking all of them.

Because of the cross-platform nature of Java, the trojan is also capable of running on other operating systems like Linux, Solaris or BSD.

However, on operating systems other than Windows and Mac OS X, it is harmless, because the malicious code was not designed for these platforms.