New MacBook Pros are here! Get the lowest prices anywhere: Apple Price Guides updated Sept 16th (exclusive coupons)
 


Wednesday, October 27, 2010, 11:05 am PT (02:05 pm ET)

Java-based Trojan horse targets computers running Apple's Mac OS X

A newly discovered Trojan horse spreading through social networking sites targets Apple's Mac OS X operating system, including the latest version, 10.6 Snow Leopard, by baiting users into clicking a link.

The Trojan, dubbed trojan.osx.boonana.a, appears as a link in messages that read "Is this you in this video?" Clicking the infected link, according to SecureMac, runs a Java applet that attempts to downloads files to the computer, including an installer that launches automatically.

But another antivirus firm, Intego, also issued a notice Wednesday suggesting that the Trojan, a Mac version of the "Koobface" worm, carries a "low risk." The security firm said that the current Mac OS X implementation is flawed, though it admitted the threat exists and is likely to become a more legitimate concern in the future.

The installer reportedly modifies the system and allows remote access to all files on the system, and checks in with control servers to report information from the infected system. The Trojan also automatically runs in the background at startup, and attempts to hide its activities across multiple files.

The virus then spreads by posting messages to social networking sites like Facebook, MySpace and Twitter.

"This is a sobering reminder that hackers are turning their efforts toward Mac OS X as Apple's marketshare grows, and users should be vigilant in protecting their computers and taking precautions when surfing the web," said Nicholas Ptacek, a security researcher at SecureMac.

The Java-based Trojan is said to be cross-platform and includes files that affect both Mac OS X and Microsoft Windows. The security firm noted there have been recent Trojan horses that targeted Windows, but this new threat is cross-platform. SecureMac has released a free tool to remove trojan.osx.boonana.a, while Intego's VirusBarrier X6 and X5 detect and remove the malware.

Last week, Apple said it may remove the Apple-produced Java runtime from future versions of Mac OS X, perhaps starting with next year's 10.7 Lion. The Java runtime shipping in Mac OS X 10.6 Snow Leopard and Mac OS X 10.5 Leopard will be supported through the support cycles of those products.

An e-mail claimed to be sent by Apple Chief Executive Steve Jobs suggested that Java updates issued by Apple are always behind the official builds created by Sun and Oracle. Some have speculated that Oracle could release its own builds of Java for the Mac instead at some point in the near future.