In-depth look at Boonana Malware

There aren't many threats that impact Windows and Mac OS X, so the Boonana malware deserves a little deeper analysis.

Last week a malware threat emerged that impacted both Windows and Mac OS X systems. To be fair, the attack is more social engineering than PC exploit, but it impacts Mac OS X users just the same. ESET's David Harley has written a more detailed analysis of the Boonana threat, and identified some elements that are contrary to initial reports.

In a blog post explaining the Boonana analysis, Harley describes why the threat is more of a social engineering attack than a worm. "This is very much social engineering-focused malware: its initial attack is on the user, not on the platform, and it isn't self-launching in the first instance. If you smell a rat when you get the authorize install prompt, the malware can't change your system files so as to allow unflagged external access. Actually, most malware (Windows as well as OS X) relies partly or totally on conning the user into running a malicious application."

Boonana uses the common social engineering technique of the "is this you in this video?" to lure users into clicking on the YouTube link. In some instances, it uses a darker, and significantly more compelling bait, with a message that reads "As you are on my friends list I thought I would let you know I have decided to end my life. For reasons that will be clear please visit my video on this site. Thanks for being my friend."

The Boonana malware is spread both via Facebook messages that originate from the Facebook account of a compromised user, as well as in the form of an e-mail attachment. Harley explains that the results are similar regardless of how the message gets there. " When the potential victim tries to run the "video", a message is generated suggesting that the video can't be watched without the installation of special software."

Clicking the link to install the special software will execute a Java applet which works equally well on either Windows or Mac OS X--and ESET has confirmed it also works on Linux systems. Once the computer is infected, the malware checks a list of 161 host names and attempts to redirect traffic to a malicious Web site. However, many of the redirect targets have already been taken down, implying that perhaps the Boonana author is relying on an outdated list of malware servers.

Some have linked Boonana as a sort of Mac-compatible variant of the Koobface worm, but ESET found that there are no similarities in the underlying code and has identified Boonana as a unique threat. This attack is certainly no indication that Macs or Linux PCs will be hit with the volume of malware targeted at the Windows operating system, but it is evidence that malware authors are starting to think in cross-platform terms, and suggests that Mac and Linux users need to remain vigilant about security threats.

Join the CSO newsletter!

Error: Please check your email address.

Tags spamantispamvirusesWindowssoftwareWindows 7operating systemsphishingmalwarewormsMac OSsecurity

More about FacebookLinuxMacsMicrosoft

Show Comments

Featured Whitepapers

Editor's Recommendations

Solution Centres

Stories by Tony Bradley

Latest Videos

  • 150x50

    CSO Webinar: The Human Factor - Your people are your biggest security weakness

    ​Speakers: David Lacey, Researcher and former CISO Royal Mail David Turner - Global Risk Management Expert Mark Guntrip - Group Manager, Email Protection, Proofpoint

    Play Video

  • 150x50

    CSO Webinar: Current ransomware defences are failing – but machine learning can drive a more proactive solution

    Speakers • Ty Miller, Director, Threat Intelligence • Mark Gregory, Leader, Network Engineering Research Group, RMIT • Jeff Lanza, Retired FBI Agent (USA) • Andy Solterbeck, VP Asia Pacific, Cylance • David Braue, CSO MC/Moderator What to expect: ​Hear from industry experts on the local and global ransomware threat landscape. Explore a new approach to dealing with ransomware using machine-learning techniques and by thinking about the problem in a fundamentally different way. Apply techniques for gathering insight into ransomware behaviour and find out what elements must go into a truly effective ransomware defence. Get a first-hand look at how ransomware actually works in practice, and how machine-learning techniques can pick up on its activities long before your employees do.

    Play Video

  • 150x50

    CSO Webinar: Get real about metadata to avoid a false sense of security

    Speakers: • Anthony Caruana – CSO MC and moderator • Ian Farquhar, Worldwide Virtual Security Team Lead, Gigamon • John Lindsay, Former CTO, iiNet • Skeeve Stevens, Futurist, Future Sumo • David Vaile - Vice chair of APF, Co-Convenor of the Cyberspace Law And Policy Community, UNSW Law Faculty This webinar covers: - A 101 on metadata - what it is and how to use it - Insight into a typical attack, what happens and what we would find when looking into the metadata - How to collect metadata, use this to detect attacks and get greater insight into how you can use this to protect your organisation - Learn how much raw data and metadata to retain and how long for - Get a reality check on how you're using your metadata and if this is enough to secure your organisation

    Play Video

  • 150x50

    CSO Webinar: How banking trojans work and how you can stop them

    CSO Webinar: How banking trojans work and how you can stop them Featuring: • John Baird, Director of Global Technology Production, Deutsche Bank • Samantha Macleod, GM Cyber Security, ME Bank • Sherrod DeGrippo, Director of Emerging Threats, Proofpoint (USA)

    Play Video

  • 150x50

    IDG Live Webinar:The right collaboration strategy will help your business take flight

    Speakers - Mike Harris, Engineering Services Manager, Jetstar - Christopher Johnson, IT Director APAC, 20th Century Fox - Brent Maxwell, Director of Information Systems, THE ICONIC - IDG MC/Moderator Anthony Caruana

    Play Video

More videos

Blog Posts