In-depth look at Boonana Malware

There aren't many threats that impact Windows and Mac OS X, so the Boonana malware deserves a little deeper analysis.

Last week a malware threat emerged that impacted both Windows and Mac OS X systems. To be fair, the attack is more social engineering than PC exploit, but it impacts Mac OS X users just the same. ESET's David Harley has written a more detailed analysis of the Boonana threat, and identified some elements that are contrary to initial reports.

In a blog post explaining the Boonana analysis, Harley describes why the threat is more of a social engineering attack than a worm. "This is very much social engineering-focused malware: its initial attack is on the user, not on the platform, and it isn't self-launching in the first instance. If you smell a rat when you get the authorize install prompt, the malware can't change your system files so as to allow unflagged external access. Actually, most malware (Windows as well as OS X) relies partly or totally on conning the user into running a malicious application."

Boonana uses the common social engineering technique of the "is this you in this video?" to lure users into clicking on the YouTube link. In some instances, it uses a darker, and significantly more compelling bait, with a message that reads "As you are on my friends list I thought I would let you know I have decided to end my life. For reasons that will be clear please visit my video on this site. Thanks for being my friend."

The Boonana malware is spread both via Facebook messages that originate from the Facebook account of a compromised user, as well as in the form of an e-mail attachment. Harley explains that the results are similar regardless of how the message gets there. " When the potential victim tries to run the "video", a message is generated suggesting that the video can't be watched without the installation of special software."

Clicking the link to install the special software will execute a Java applet which works equally well on either Windows or Mac OS X--and ESET has confirmed it also works on Linux systems. Once the computer is infected, the malware checks a list of 161 host names and attempts to redirect traffic to a malicious Web site. However, many of the redirect targets have already been taken down, implying that perhaps the Boonana author is relying on an outdated list of malware servers.

Some have linked Boonana as a sort of Mac-compatible variant of the Koobface worm, but ESET found that there are no similarities in the underlying code and has identified Boonana as a unique threat. This attack is certainly no indication that Macs or Linux PCs will be hit with the volume of malware targeted at the Windows operating system, but it is evidence that malware authors are starting to think in cross-platform terms, and suggests that Mac and Linux users need to remain vigilant about security threats.

Join the PC World newsletter!

Error: Please check your email address.

Tags spamantispamvirusesWindowssoftwareWindows 7operating systemsphishingmalwarewormsMac OSsecurity

Our Back to Business guide highlights the best products for you to boost your productivity at home, on the road, at the office, or in the classroom.

Keep up with the latest tech news, reviews and previews by subscribing to the Good Gear Guide newsletter.

Tony Bradley

PC World (US online)
Show Comments

Essentials

Microsoft L5V-00027 Sculpt Ergonomic Keyboard Desktop

Learn more >

Lexar® JumpDrive® S57 USB 3.0 flash drive

Learn more >

Mobile

Lexar® JumpDrive® S45 USB 3.0 flash drive 

Learn more >

Exec

Lexar® JumpDrive® C20c USB Type-C flash drive 

Learn more >

HD Pan/Tilt Wi-Fi Camera with Night Vision NC450

Learn more >

Audio-Technica ATH-ANC70 Noise Cancelling Headphones

Learn more >

Lexar® Professional 1800x microSDHC™/microSDXC™ UHS-II cards 

Learn more >

Budget

Back To Business Guide

Click for more ›

Most Popular Reviews

Latest News Articles

Resources

PCW Evaluation Team

Azadeh Williams

HP OfficeJet Pro 8730

A smarter way to print for busy small business owners, combining speedy printing with scanning and copying, making it easier to produce high quality documents and images at a touch of a button.

Andrew Grant

HP OfficeJet Pro 8730

I've had a multifunction printer in the office going on 10 years now. It was a neat bit of kit back in the day -- print, copy, scan, fax -- when printing over WiFi felt a bit like magic. It’s seen better days though and an upgrade’s well overdue. This HP OfficeJet Pro 8730 looks like it ticks all the same boxes: print, copy, scan, and fax. (Really? Does anyone fax anything any more? I guess it's good to know the facility’s there, just in case.) Printing over WiFi is more-or- less standard these days.

Ed Dawson

HP OfficeJet Pro 8730

As a freelance writer who is always on the go, I like my technology to be both efficient and effective so I can do my job well. The HP OfficeJet Pro 8730 Inkjet Printer ticks all the boxes in terms of form factor, performance and user interface.

Michael Hargreaves

Windows 10 for Business / Dell XPS 13

I’d happily recommend this touchscreen laptop and Windows 10 as a great way to get serious work done at a desk or on the road.

Aysha Strobbe

Windows 10 / HP Spectre x360

Ultimately, I think the Windows 10 environment is excellent for me as it caters for so many different uses. The inclusion of the Xbox app is also great for when you need some downtime too!

Mark Escubio

Windows 10 / Lenovo Yoga 910

For me, the Xbox Play Anywhere is a great new feature as it allows you to play your current Xbox games with higher resolutions and better graphics without forking out extra cash for another copy. Although available titles are still scarce, but I’m sure it will grow in time.

Featured Content

Latest Jobs

Don’t have an account? Sign up here

Don't have an account? Sign up now

Forgot password?