New variant of Boonana Trojan discovered

A new variant of the Boonana malware has been discovered by ESET. The new variant, trojan.osx.boonana.b, behaves in a very similar manner to the original malware, and is currently being distributed on multiple sites.

In addition to the website documented by ESET as currently distributing the malware, SecureMac has identified two more websites that are currently hosting the new malware variant.

Unlike the initial site, which tricks users into running (and installing) the malware, these servers seem to be hosting update code for the malware. Infected machines contact these servers looking for updates to the malware payload. At the time of analysis (November 2nd, 2010), these servers were live and distributing malware.

In addition to the malware updates, these servers contain what appear to be keystroke logs from infected machines, including usernames and passwords.

At a quick glance, Boonana may look like a variant of Koobface, which was discovered for Windows back in 2008. However, ESET has also confirmed SecureMac’s initial analysis of Boonana as a new, unique piece of malware that does not share a common code base with the previously discovered Koobface worm.

Another security vendor has verified that the Boonana malware is capable of infecting Linux machines, and will proceed to join a botnet once installed. The malware also affects Mac OS X and Microsoft Windows.

http://www.net-security.org/malware_news.php?id=1521&utm_source=feedburner&utm_medium=email&utm_campaign=Feed%3A+HelpNetSecurity+%28Help+Net+Security%29


Posted November 10, 2010 by axxerainc in Uncategorized
