New Java trojan attacks Mac OS X and Windows

[Emil]

A new Trojan horse that not only affects Windows, but Mac OS X as well, has appeared on social networking sites (including Facebook), primarily disguised as a video. When users click an infected link along the lines of "Is this you in this video?", a Java applet downloads multiple files, including an installer that runs automatically without the user's knowledge. The malware also bypasses the usual password verification OS X requires for installation.

Dubbed trojan.osx.boonana.a by SecureMac, it launches automatically on startup, communicates with command and control servers, and can also crack user accounts on other sites to continue infecting others. The security firm notes that it can spread itself to both Mac OS X and Windows, explaining that recent reports of similar Trojan horses targeted Windows, but did not included cross-platform capabilities.

Microsoft recently published data showing an "unprecedented wave" of Java malware exploits during the third quarter of this year. As we've already argued before, Java is on Apple's kill list, and we think security could be the primary reason.

Disabling Java in your browser can help you avoid infection and for those already infected, SecureMac has created a free removal tool. "This is a sobering reminder that hackers are turning their efforts toward Mac OS X as Apple's marketshare grows, and users should be vigilant in protecting their computers and taking precautions when surfing the web," Nicholas Ptacek, a security researcher at SecureMac, said in a statement.

Permalink to story.

https://www.techspot.com/news/40887-new-java-trojan-attacks-mac-os-x-and-windows.html

 

[UT66]

but, but
http://www.youtube.com/watch?v=FxOIebkmrqs&feature=related

 

[TwiztidSef]

Never thought about a cross platform program(java) having the ability to infect multiple operating systems. It makes sense to target java. This also shows hackers are going after consumers and not operating systems.

Would this also infect Linux? I guess it would depend on how the virus was programed.

 

[gwailo247]

By trying to isolate people from the critical thinking skills needed to safely use the internet, Apple is not doing them a favor. Instead of teaching people not to click on random links, it thinks that by eliminating the vector of Java you're somehow going to eliminate this sort of attack.

 

[TeamworkGuy2]

I am surprised, this is one of the first cross platform (Mac and Windows) attacks I have read about on Techspot.
Probably not the first, just one that happened to catch the news.
I see gwailo247's point in the preceding post. Eliminating points by which infections occur will never solve the problem.
Attackers will just find new ways to attack, so the only real solution would be to dissolve the internet, if you take Apple's approach.

 

[frodough]

let's face it, windows should expect it. apple should deserve it. apple's vulnerability is so high i cant wait till these attacks becomes the norm. then apple users cant say silly things like 'apple dont have viruses, but windows do' anymore

 

[ReMonster]

Apple, it JUST works. (Unless something goes wrong, then its 3rd party software's fault aka java, adobe, microsoft, etc)

 

[zenpanda]

The only social networking site that I occasionally use is Twitter, and I always take a moment to consider all links that I'm "thinking" about clicking. In other words, I don't click a link blindly just because it's there. Unfortunately, most internet users of social networking site aren't as cautious with such things. Facebook and other such sites should consider implementing a user wide alert messaging protocol right after users login, warning users about any ongoing/potential/current malicious attacks.

 

[matrix86]

"This is a sobering reminder that hackers are turning their efforts toward Mac OS X as Apple's marketshare grows..."

See? I've been saying the same thing for 5 years now. It's nice to see someone else catching on.

On another note, now we see why Apple is planning on killing Java. The scary thing is that it seems hackers are getting smarter. They are now learning how to infect across platforms.

 

[klepto12]

WOW finally apple has something bad on there hands but really completely removing java thats the way apple lets all just move to crapple stuff so it makes it easier on them so they have full control of everything.

 

[Kibaruk]

Am I the only one that is reading "apple is conspiring towards bringing java down?" after all the timed board posts? O_o

Maybe thats just my paranoia.

 

[Timonius]

I can understand the control freak nature of Apple, but people still need to realize no OS is perfect and someone somewhere will find a flaw or write a trojan, virus, etc. for whatever you use. The more people that use it the more it will be targeted.

 

[mtrenal]

Apple has for too long held the "more secure than windows" spot just because of the fact that there are so fewer viruses, trojans, etc. written that can run on Macs. In a sense it is a good thing that OS X is being targeted too- it provides encouragement for the users that Apple targets in the first place (the ones who are confused by Windows) to actually learn how to be safe on the internet instead of just assuming that their Mac is an invulnerable fortress when it comes to harmful scripts.

 

[Guest]

What a coincidence. Steve Jobs wants to axe the Java platform from all Apple products. Now all of a sudden we have a Trojan Java virus affecting the Win and Mac OS. Interesting and convenient all at once.

 

[oasis789]

security by obscurity is never a good strategy.

 

[whiteandnerdy]

mac users beware, the hackers are coming for you muahaha.

i think that it's kinda interesting how the whole thing between apple and java is going on while this happened too

 

[Geniusguy]

Am shocked, if there any antivirus out there to catch this??

 

[medguydan]

wow, an OSX vulnerability comes to light and all the windows fanboys start pouring from the woodwork. Timonius hit the nail on the head regarding hackers simply hitting windows because it's on more computers. gwailo247, you've got a good point about critical thinking skills, but let's face facts that the majority of computer users don't take the time to question *every* choice they make on a reasonably trustable website...I know I don't

 

[HaMsTeYr]

I don't know why people still fall for the "LOL OMG IS THIS YOU" Trick.

OSX or Windows, I think people need to go to How-To-NOT-Think-Like-An-***** School.

 

[Skyphox]

hamsteyr said:
I don't know why people still fall for the "LOL OMG IS THIS YOU" Trick.

OSX or Windows, I think people need to go to How-To-NOT-Think-Like-An-***** School.

This.

 

[Darth Shiv]

twiztidsef said:
Never thought about a cross platform program(java) having the ability to infect multiple operating systems. It makes sense to target java. This also shows hackers are going after consumers and not operating systems.

Would this also infect Linux? I guess it would depend on how the virus was programed.

If the java api was open and implemented by many vendors, then it wouldn't really be a problem. Problem is when a single vendor is providing for all platforms. Adobe Flash, PDF are good candidates for this problem as we see all the time. Dump the closed platform stuff and the problem dissipates.

 

[uttaradhaka]

Awesome.. This is an excellent reminder to the Mac fanboys that the only reason that there are a lot of viruses in Windows is because it holds almost 90 percent of the PC market. Not because Macs are more secure.

You see, in this day and age of the internet and the open nature of information, anything and everything with 0s and 1s can be cracked and hacked into.

Just hope the Java people manage to better the safety of their platform before developers start seeing them in the same light as Adobe.

 

[Razerblade]

This just proves the fact that Apple isn't "indistructable" as many people think. Viruses just arent written for Mac's because hackers want to target the majority of computer users, which are PC's. Windows has a lot more security features as there are so many more viruses around. As Apple continues to gain market share more and more viruses will be released for them.

Simple question, If you were a hacker and wanted to hack a bank, what operating system would you write it for? Windows as all the banks use them! (Here in the UK anyway!)

 

[XnaX]

This is great! Yet another dumb 'buy a mac'-reason eliminated Has Apple approved any AV software or are they clinging on to the whole 'sick leaf - burn the tree' thing?

 

[jetkami]

"But the Geeksquad salesperson at Bestbuy told me that there were no viruses for Macs..." LOL...Ah-hahaha. I love it. Now let the true OS wars begin! I want to lick the tears of sadness from the mac users faces and relish the salty taste of sweet dumb-foundedness in each tear. Ooooh to bathe in the depths of their disbelief that their Mac is vulnerable.