New Java trojan attacks Mac OS X and Windows

October 27, 2010, 4:27 PM
A new Trojan horse that not only affects Windows, but Mac OS X as well, has appeared on social networking sites (including Facebook), primarily disguised as a video. When users click an infected link along the lines of "Is this you in this video?", a Java applet downloads multiple files, including an installer that runs automatically without the user's knowledge. The malware also bypasses the usual password verification OS X requires for installation.

Dubbed trojan.osx.boonana.a by SecureMac, it launches automatically on startup, communicates with command and control servers, and can also crack user accounts on other sites to continue infecting others. The security firm notes that it can spread itself to both Mac OS X and Windows, explaining that similar Trojan horses described in recent reports targeted Windows but did not include cross-platform capabilities.

Microsoft recently published data showing an "unprecedented wave" of Java malware exploits during the third quarter of this year. As we've argued before, Java is on Apple's kill list, and we think security could be the primary reason.

Disabling Java in your browser can help you avoid infection, and for those already infected, SecureMac has created a free removal tool. "This is a sobering reminder that hackers are turning their efforts toward Mac OS X as Apple's marketshare grows, and users should be vigilant in protecting their computers and taking precautions when surfing the web," Nicholas Ptacek, a security researcher at SecureMac, said in a statement.





User Comments: 44

TwiztidSef said:

Never thought about a cross platform program(java) having the ability to infect multiple operating systems. It makes sense to target java. This also shows hackers are going after consumers and not operating systems.

Would this also infect Linux? I guess it would depend on how the virus was programed.

gwailo247, TechSpot Chancellor, said:

By trying to isolate people from the critical thinking skills needed to safely use the internet, Apple is not doing them a favor. Instead of teaching people not to click on random links, it thinks that by eliminating the vector of Java you're somehow going to eliminate this sort of attack.

TeamworkGuy2 said:

I am surprised, this is one of the first cross platform (Mac and Windows) attacks I have read about on Techspot.

Probably not the first, just one that happened to catch the news.

I see gwailo247's point in the preceding post. Eliminating points by which infections occur will never solve the problem.

Attackers will just find new ways to attack, so the only real solution would be to dissolve the internet, if you take Apple's approach.

frodough said:

let's face it, windows should expect it. apple should deserve it. apple's vulnerability is so high i can't wait till these attacks become the norm. then apple users can't say silly things like 'apple don't have viruses, but windows do' anymore

ReMonster said:

Apple, it JUST works. (Unless something goes wrong, then it's 3rd party software's fault aka java, adobe, microsoft, etc)

omega00 said:

The only social networking site that I occasionally use is Twitter, and I always take a moment to consider all links that I'm "thinking" about clicking. In other words, I don't click a link blindly just because it's there. Unfortunately, most internet users of social networking sites aren't as cautious with such things. Facebook and other such sites should consider implementing a user wide alert messaging protocol right after users login, warning users about any ongoing/potential/current malicious attacks.

matrix86 said:

"This is a sobering reminder that hackers are turning their efforts toward Mac OS X as Apple's marketshare grows..."

See? I've been saying the same thing for 5 years now. It's nice to see someone else catching on.

On another note, now we see why Apple is planning on killing Java. The scary thing is that it seems hackers are getting smarter. They are now learning how to infect across platforms.

klepto12, TechSpot Paladin, said:

WOW finally apple has something bad on their hands but really completely removing java that's the way apple let's all just move to crapple stuff so it makes it easier on them so they have full control of everything.

Kibaruk, TechSpot Paladin, said:

Am I the only one that is reading "apple is conspiring towards bringing java down?" after all the timed board posts? O_o

Maybe that's just my paranoia.

Timonius said:

I can understand the control freak nature of Apple, but people still need to realize no OS is perfect and someone somewhere will find a flaw or write a trojan, virus, etc. for whatever you use. The more people that use it the more it will be targeted.

mtrenal said:

Apple has for too long held the "more secure than windows" spot just because of the fact that there are so fewer viruses, trojans, etc. written that can run on Macs. In a sense it is a good thing that OS X is being targeted too- it provides encouragement for the users that Apple targets in the first place (the ones who are confused by Windows) to actually learn how to be safe on the internet instead of just assuming that their Mac is an invulnerable fortress when it comes to harmful scripts.

Guest said:

What a coincidence. Steve Jobs wants to axe the Java platform from all Apple products. Now all of a sudden we have a Trojan Java virus affecting the Win and Mac OS. Interesting and convenient all at once.

oasis789 said:

security by obscurity is never a good strategy.

whiteandnerdy said:

mac users beware, the hackers are coming for you muahaha.

i think that it's kinda interesting how the whole thing between apple and java is going on while this happened too

Geniusguy said:

Am shocked, is there any antivirus out there to catch this??

medguydan said:

wow, an OSX vulnerability comes to light and all the windows fanboys start pouring from the woodwork. Timonius hit the nail on the head regarding hackers simply hitting windows because it's on more computers. gwailo247, you've got a good point about critical thinking skills, but let's face facts that the majority of computer users don't take the time to question *every* choice they make on a reasonably trustable website...I know I don't

HaMsTeYr said:

I don't know why people still fall for the "LOL OMG IS THIS YOU" Trick.

OSX or Windows, I think people need to go to How-To-NOT-Think-Like-An-***** School.

Skyphox said:

hamsteyr said:

I don't know why people still fall for the "LOL OMG IS THIS YOU" Trick.

OSX or Windows, I think people need to go to How-To-NOT-Think-Like-An-***** School.

This.

Darth Shiv said:

twiztidsef said:

Never thought about a cross platform program(java) having the ability to infect multiple operating systems. It makes sense to target java. This also shows hackers are going after consumers and not operating systems.

Would this also infect Linux? I guess it would depend on how the virus was programed.

If the java api was open and implemented by many vendors, then it wouldn't really be a problem. Problem is when a single vendor is providing for all platforms. Adobe Flash, PDF are good candidates for this problem as we see all the time. Dump the closed platform stuff and the problem dissipates.

uttaradhaka said:

Awesome.. This is an excellent reminder to the Mac fanboys that the only reason that there are a lot of viruses in Windows is because it holds almost 90 percent of the PC market. Not because Macs are more secure.

You see, in this day and age of the internet and the open nature of information, anything and everything with 0s and 1s can be cracked and hacked into.

Just hope the Java people manage to better the safety of their platform before developers start seeing them in the same light as Adobe.

Razerblade said:

This just proves the fact that Apple isn't "indestructible" as many people think. Viruses just aren't written for Macs because hackers want to target the majority of computer users, which are PCs. Windows has a lot more security features as there are so many more viruses around. As Apple continues to gain market share more and more viruses will be released for them.

Simple question, If you were a hacker and wanted to hack a bank, what operating system would you write it for? Windows as all the banks use them! (Here in the UK anyway!)

XnaX said:

This is great! Yet another dumb 'buy a mac'-reason eliminated. Has Apple approved any AV software or are they clinging on to the whole 'sick leaf - burn the tree' thing?

limpangel said:

@xnax: Panda already released an AV for MAC [http://news.cnet.com/8301-1009_3-20020159-83.html]

This is why I keep plugins like JAVA disabled and I enable them only when I need it.

jetkami said:

"But the Geeksquad salesperson at Bestbuy told me that there were no viruses for Macs..." LOL...Ah-hahaha. I love it. Now let the true OS wars begin! I want to lick the tears of sadness from the mac users faces and relish the salty taste of sweet dumb-foundedness in each tear. Ooooh to bathe in the depths of their disbelief that their Mac is vulnerable.

pyari said:

I just not think to use social networking sites.....I guess never....do I? I don't know till now I don't like it coz I don't have time to timepass.....hahaha......few days ago I just said one IT professional(who have mac book) apple have virus....he said just one virus....then I said this is the beginning.....now see we have cross platform trojan....in few weeks all windows virus (old or new) are gonna cross platform then what? apple said we already AV?

xcelofjkl said:

The advantages of not having facebook

Uvindu said:

It is quite nice to see that Hackers haven't forgotten Mac OSX. I thought that Steve Jobs would be jealous with microsoft because so many hackers are so attracted to windows and not many will keep MAC OSX on par. Not to worry Jobs, Hackers have seen your misery and felt bad for ignoring you for so long. They will come to the rescue and bring apple's name to a comparable status as windows

Uvindu said:

On a serious note, I knew it won't be long before this happens. Apple is becoming very popular and hackers have noted this. Since Apple wasn't a major victim for viruses, its security hasn't been improved to the extent of windows. They did not know the vulnerabilities in MAC until they got infected. The fact that MAC doesn't have much viruses used to be an advantage but now it has turned around to become a disadvantage, because no one knows what sort of security holes are there in MAC. I hope this sort of thing gets resolved on both platforms. I don't want to see Apples name go down the drain, even if their products are highly overrated and very expensive.

ViNCiLiCiouS said:

I hate saying this, but I am happy hackers are targeting OS X. I swear some people out there think Mac OS X has some legendary anti-virus code and these people need a rude awakening.

nickblame said:

Hold on a second, disabling java on browser makes the world safer? Yeah shutting down the computer makes it even safer.

Java is secure, if you don't know where the java notification came from then don't click on the run button. It's not that hard and it's all you need.

jazboy said:

Lot of sites specially bank site require java to be enabled .. So can't disable this .. But i hope Anti-virus should be able to handle..

jazboy said:

Few months back i read somewhere in article that in one hacker competition MAC OS was the first one to hack and it took two days for hacker to hack in Windows vista even after giving some room. and as we can expect Ubuntu (linux) was not hacked in this 3 days hacking competition.

SNGX1275, TS Forces Special, said:

Understandably there are a lot of (well all of these posts) posts with a 'ha ha' attitude towards Macs and their users. Maybe that is deserved, maybe it isn't. I know a few Mac users that aren't computer savvy, but I can say the same thing about Windows users. I don't know any Mac users that think they are invincible to attacks, but apparently I'm in a big minority, or everyone just stereotypes.

But, from everything I gather, to get infected by this in OS X you STILL have to give it permission. It seems you have to accept an unsigned certificate with root privileges, then on top of that you have to give it your password for it to gain the root access it needs to do its thing.

So you have to click allow to an unsigned, and then also give it your password. Sure it can happen, but this isn't the fault of OS X, it is the user's fault. This same thing occurs on Windows, except perhaps without the need for a root password (XP?).

mpsteel said:

I think the day is soon approaching where worms and Botnets to the likes of Conficker will be infecting Apples. It will be interesting to see how Apple handles them.

brianmsu said:

what would a virus on a mac even do??? pop ups all over? spam to buy an antivirus? it's inconceivable to me

Puiu said:

I foresee a lot of problems for steve jobs in the near future.

Leeky said:

Understandably there are a lot of (well all of these posts) posts with a 'ha ha' attitude towards Macs and their users. Maybe that is deserved, maybe it isn't. I know a few Mac users that aren't computer savvy, but I can say the same thing about Windows users. I don't know any Mac users that think they are invincible to attacks, but apparently I'm in a big minority, or everyone just stereotypes.

But, from everything I gather, to get infected by this in OS X you STILL have to give it permission. It seems you have to accept an unsigned certificate with root privileges, then on top of that you have to give it your password for it to gain the root access it needs to do its thing.

So you have to click allow to an unsigned, and then also give it your password. Sure it can happen, but this isn't the fault of OS X, it is the user's fault. This same thing occurs on Windows, except perhaps without the need for a root password (XP?).

I agree, and the same would be true for any other OS that is Unix or Linux based, including OS X.

You really can't blame your OS when you're silly enough to click a link asking if it's you, stupid enough to not consider why you're being asked for root permissions for a video (or any java app/instance), and then blindly give it your password because you want the box to disappear.

The problem is squarely on the user, which ironically is exactly what the trojan's producer is hoping for a user to do.

Bottom line is simple - Exercise some common sense and it won't happen to you, regardless of your OS.

turbotank84 said:

Apple is so not secure after all. Lolz.

AbsolutGaloot said:

Sadly, it's not just mac users that don't bother to educate themselves about how to be safe. There are more than a fair share of windows users that don't know/care enough to learn about this either.

Leeky said:

Sadly, it's not just mac users that don't bother to educate themselves about how to be safe. There are more than a fair share of windows users that don't know/care enough to learn about this either.

The same is true of any user really - Unfortunately most casual users don't take a proactive approach to security, they deal with it once it's happened and they've lost all their data, which coincidentally they never back up either. lol.

I'm forever having to save my two brothers and sister from the same fate because of their ignorance - It just goes in one ear and out the other though unfortunately.

Guest said:

I would like to know the same about Linux...

twiztidsef said on October 27, 2010, 4:52 PM:

Never thought about a cross platform program(java) having the ability to infect multiple operating systems. It makes sense to target java. This also shows hackers are going after consumers and not operating systems.

Would this also infect Linux? I guess it would depend on how the virus was programed.

Gere3 said:

Macs don't usually get viruses. I'm on Mac, and I've never dealt with such problems (considering the fact the only "anti-virus software" I use is protemac.com ProteMac Netmine.)

Leeky said:

Would this also infect Linux? I guess it would depend on how the virus was programed.

Yes, it's possible it could take advantage of Java vulnerabilities.

It's unlikely in my experience though, as long as the install is correctly configured and protected.

The reason Mac/Linux/BSD etc etc aren't so vulnerable is due to user permissions, and the inability to run scripts without "elevated" permissions of root. These can be bypassed, but the control has to be given by the user to achieve this.
