In-depth look at Boonana Malware

There aren't many threats that impact both Windows and Mac OS X, so the Boonana malware deserves a little deeper analysis.

Last week a malware threat emerged that impacted both Windows and Mac OS X systems. To be fair, the attack is more social engineering than PC exploit, but it impacts Mac OS X users just the same. ESET's David Harley has written a more detailed analysis of the Boonana threat, and identified some elements that are contrary to initial reports.

In a blog post explaining the Boonana analysis, Harley describes why the threat is more of a social engineering attack than a worm. "This is very much social engineering-focused malware: its initial attack is on the user, not on the platform, and it isn't self-launching in the first instance. If you smell a rat when you get the authorize install prompt, the malware can't change your system files so as to allow unflagged external access. Actually, most malware (Windows as well as OS X) relies partly or totally on conning the user into running a malicious application."

Boonana uses the common "is this you in this video?" social engineering technique to lure users into clicking on the YouTube link. In some instances, it uses a darker and significantly more compelling bait, with a message that reads "As you are on my friends list I thought I would let you know I have decided to end my life. For reasons that will be clear please visit my video on this site. Thanks for being my friend."

The Boonana malware is spread both via Facebook messages that originate from the Facebook account of a compromised user and in the form of an e-mail attachment. Harley explains that the results are similar regardless of how the message gets there. "When the potential victim tries to run the 'video', a message is generated suggesting that the video can't be watched without the installation of special software."

Clicking the link to install the special software will execute a Java applet which works equally well on either Windows or Mac OS X--and ESET has confirmed it also works on Linux systems. Once the computer is infected, the malware checks a list of 161 host names and attempts to redirect traffic to a malicious Web site. However, many of the redirect targets have already been taken down, implying that perhaps the Boonana author is relying on an outdated list of malware servers.

Some have described Boonana as a sort of Mac-compatible variant of the Koobface worm, but ESET found that there are no similarities in the underlying code and has identified Boonana as a unique threat. This attack is certainly no indication that Macs or Linux PCs will be hit with the volume of malware targeted at the Windows operating system, but it is evidence that malware authors are starting to think in cross-platform terms, and suggests that Mac and Linux users need to remain vigilant about security threats.

Tags: spam, antispam, viruses, Windows, Windows 7, software, phishing, operating systems, malware, worms, Mac OS, security

Tony Bradley

PC World (US online)
