A Java-based version of the Koobface virus is in the wild and attacking Mac OS X - although, in its current form, users need to manually allow it access to their computers.
The method of attack appears to be Facebook, Twitter, and other social networking sites, where users are asked to view a video and then connected to the page where the malware resides in the form of a Java applet. Facebook was the original medium for Koobface when it surfaced in 2009.
Intego Software, a developer of security products for the Mac platform, calls the trojan "OSX/Koobface.A". But the Java applet will also infect Windows PCs and Linux, where it is much more dangerous.
Because the Java applet currently requires a manual installation on Apple's OS X, users will hopefully be protected by common sense; users shouldn't allow unknown files and applets to be installed on their computer. However, if they do, the Mac version of the software apparently is flawed, to boot.
"While Intego has evidence of several infections in the wild, we are not currently able to go beyond this step, as either the malicious malware has bugs preventing it from running correctly, or the servers it contacts are not active or are not serving the correct files," Intego wrote in a blog post.
If fixed, however, this version of Koobface would act as it does on Windows, Intego said. It runs a local web server and an IRC server, acts as part of a botnet, acts as a DNS changer, and can activate a number of other functions, either through files initially installed or other files that are later downloaded. It spreads by posting messages on Facebook, MySpace and Twitter.
In 2009, Microsoft joined Facebook to try to stop the spread of Koobface. It later appeared on Twitter, where some wondered if it had been responsible for a DDoS attack against the service.
Intego warned that Mac users should be wary.
"Mac users should be aware that this threat exists, and that it is likely to be operative in the future, so this Koobface Trojan horse may become an issue for Macs," Intego said.