Boonana Trojan variant uncovered, uses same tactics
The Boonana Trojan horse that made the news last week may be more of a hydra, according to security researchers, who have uncovered another variant. However, Mac users already taking precautions have little to worry about, since the variant uses the same broad tactics as the previous known version.
ESET reports that, as opposed to the previous version, which mainly spread via Facebook messages inviting users to click on a link and view a video, this variant seems to spread via a file attached to an e-mail message which originates from an infected computer of one of your contacts.
The message—in this case an apparent suicide note—also purports to include a link to a video, but the link in fact goes to a fake site where a user is prompted to download software in order to view the video. Once installed, the malware copies items to OS X’s Startup Items and then downloads further code from a remote server and then attempts to spread. The malware can also infect Windows and Linux machines.
However, as with the earlier discovered version of the Trojan, users still have the option to block the Java applet from running; when prompted to run the software, a pop-up window will appear with the options to Allow or Deny the software from running.
Security products such as SecureMac’s MacScan and Intego’s VirusBarrier can protect against this variant, and SecureMac is also offering a free removal tool for infected computers. But as always, the best offense is a good defense, so think before you click.