Boonana Mac Trojan was ‘not Koobface’, says Microsoft

Facebook 'Mac-PC-Linux' malware is new after all

The widely-reported 'Boonana' Trojan was a new piece of malware after all and had nothing directly to do with Koobface, Microsoft and other security companies have reported a week after the event.

At the time, Mac security software company SecureMac reported Boonana as trojan.osx.boonana.a, later identified by Mac security specialist Intego and other companies as a variant of the Koobface worm that has been attacking Facebook users since 2008.

However, according to Microsoft, ESET and SecureMac, the similarity with Koobface doesn't appear to stretch beyond its general tactics and the fact that it attacks using Facebook and other social media sites. At a code level, what Microsoft now identifies as Trojan:Java/Boonana is a distinct piece of malware.

The main significance of Boonana could be that its Java design allows it to attack both Windows PCs and Apple Mac computers, and at least run on Linux, the first time such a design has been seen since the age of Macros viruses in the 1990s. Where the software hails from is unknown although one of its first actions on infecting computers is to try to contact a Russian FTP server.

The fact that Boonana is distinct family of malware rather than a variant matters in a small but important way. A new branch of malware capable of attacking across operating systems suggests a new direction in malware innovation. If Boonana was a simple variant it might count more as a one-off experiment.

Programming and platforms apart, Boonana's use of Facebook often shows that social engineering skill is its real forte. Originally pushed with basic 'watch this video' lures, the malware has subsequently tried more sophisticated messages, including one based on an apparent suicide notice.

"As you are on my friends list I thought I would let you know I have decided to end my life. For reasons that will be clear please visit my video on this site. Thanks for being my friend, " says one reported by ESET. As with much contemporary malware, the platform is secondary in the mind of the creator. It is the user that is being attacked first and foremost.

Join the CSO newsletter!

Error: Please check your email address.

Tags ApplePersonal TechMicrosoftsecurityIntegoFacebook

More about AppleFacebookIntegoLinuxMicrosoft

Show Comments

Featured Whitepapers

Editor's Recommendations

Solution Centres

Stories by John E Dunn

Latest Videos

  • 150x50

    CSO Webinar: Will your data protection strategy be enough when disaster strikes?

    Speakers: - Paul O’Connor, Engagement leader - Performance Audit Group, Victorian Auditor-General’s Office (VAGO) - Nigel Phair, Managing Director, Centre for Internet Safety - Joshua Stenhouse, Technical Evangelist, Zerto - Anthony Caruana, CSO MC & Moderator

    Play Video

  • 150x50

    CSO Webinar: The Human Factor - Your people are your biggest security weakness

    ​Speakers: David Lacey, Researcher and former CISO Royal Mail David Turner - Global Risk Management Expert Mark Guntrip - Group Manager, Email Protection, Proofpoint

    Play Video

  • 150x50

    CSO Webinar: Current ransomware defences are failing – but machine learning can drive a more proactive solution

    Speakers • Ty Miller, Director, Threat Intelligence • Mark Gregory, Leader, Network Engineering Research Group, RMIT • Jeff Lanza, Retired FBI Agent (USA) • Andy Solterbeck, VP Asia Pacific, Cylance • David Braue, CSO MC/Moderator What to expect: ​Hear from industry experts on the local and global ransomware threat landscape. Explore a new approach to dealing with ransomware using machine-learning techniques and by thinking about the problem in a fundamentally different way. Apply techniques for gathering insight into ransomware behaviour and find out what elements must go into a truly effective ransomware defence. Get a first-hand look at how ransomware actually works in practice, and how machine-learning techniques can pick up on its activities long before your employees do.

    Play Video

  • 150x50

    CSO Webinar: Get real about metadata to avoid a false sense of security

    Speakers: • Anthony Caruana – CSO MC and moderator • Ian Farquhar, Worldwide Virtual Security Team Lead, Gigamon • John Lindsay, Former CTO, iiNet • Skeeve Stevens, Futurist, Future Sumo • David Vaile - Vice chair of APF, Co-Convenor of the Cyberspace Law And Policy Community, UNSW Law Faculty This webinar covers: - A 101 on metadata - what it is and how to use it - Insight into a typical attack, what happens and what we would find when looking into the metadata - How to collect metadata, use this to detect attacks and get greater insight into how you can use this to protect your organisation - Learn how much raw data and metadata to retain and how long for - Get a reality check on how you're using your metadata and if this is enough to secure your organisation

    Play Video

  • 150x50

    CSO Webinar: How banking trojans work and how you can stop them

    CSO Webinar: How banking trojans work and how you can stop them Featuring: • John Baird, Director of Global Technology Production, Deutsche Bank • Samantha Macleod, GM Cyber Security, ME Bank • Sherrod DeGrippo, Director of Emerging Threats, Proofpoint (USA)

    Play Video

More videos

Blog Posts

Market Place