Posted on Thursday, October 28 2010 @ 14:48 CEST by Thomas De Maesschalck
News is spreading about a Java Trojan for Mac OS X but according to a report
at OS News the impact is pretty minimal as the attack throws up a nice Java warning cancel/allow dialog and is incapable of installing itself automatically:
The original report comes from SecureMac, which warns Mac OS X users of a trojan horse called Boonana. It supposedly spreads via links on social networking sites (worm), so for instance clicking a link would take you to a website which executes a Java applet (trojan). This applet would download an installer which, SecureMac claims, modifies system files to bypass the system's password. After that, it acts like a rootkit. It runs upon startup, loads up local web and IRC servers, joins a botnet, employs a DNS changer, and a bunch of other stuff.
The problem is that while SecureMac claims that the attack is completely silent, without any user intervention or password dialogs, Intego claims the contrary. In their report, they say the initial Java apple portion throws up a nice Java warning cancel/allow dialog, meaning everything works as intended and the threat level of this attack is low.
