In-depth look at Boonana Malware

There aren't many threats that impact Windows and Mac OS X, so the Boonana malware deserves a little deeper analysis.

Last week a malware threat emerged that impacted both Windows and Mac OS X systems. To be fair, the attack is more social engineering than PC exploit, but it impacts Mac OS X users just the same. ESET's David Harley has written a more detailed analysis of the Boonana threat, and identified some elements that are contrary to initial reports.

In a blog post explaining the Boonana analysis, Harley describes why the threat is more of a social engineering attack than a worm. "This is very much social engineering-focused malware: its initial attack is on the user, not on the platform, and it isn't self-launching in the first instance. If you smell a rat when you get the authorize install prompt, the malware can't change your system files so as to allow unflagged external access. Actually, most malware (Windows as well as OS X) relies partly or totally on conning the user into running a malicious application."

Boonana uses the common "is this you in this video?" social engineering lure to get users to click on the YouTube link. In some instances, it uses a darker and significantly more compelling bait, with a message that reads "As you are on my friends list I thought I would let you know I have decided to end my life. For reasons that will be clear please visit my video on this site. Thanks for being my friend."

The Boonana malware spreads both via Facebook messages that originate from the Facebook account of a compromised user and in the form of an e-mail attachment. Harley explains that the results are similar regardless of how the message gets there. "When the potential victim tries to run the 'video', a message is generated suggesting that the video can't be watched without the installation of special software."

Clicking the link to install the special software will execute a Java applet that works equally well on either Windows or Mac OS X, and ESET has confirmed it also works on Linux systems. Once the computer is infected, the malware checks a list of 161 host names and attempts to redirect traffic to a malicious Web site. However, many of the redirect targets have already been taken down, implying that perhaps the Boonana author is relying on an outdated list of malware servers.

Some have described Boonana as a sort of Mac-compatible variant of the Koobface worm, but ESET found that there are no similarities in the underlying code and has identified Boonana as a unique threat. This attack is certainly no indication that Macs or Linux PCs will be hit with the volume of malware targeted at the Windows operating system, but it is evidence that malware authors are starting to think in cross-platform terms, and suggests that Mac and Linux users need to remain vigilant about security threats.


Tony Bradley

PC World (US online)