The Boonana Trojan has been making the headlines in the last 24 hours. The reason why the threat, which has been compared to Koobface – but is technically not a member of that malware family, has been getting so much attention is that it doesn’t just infect Windows, but targets Mac OS X and Linux computers too.
The Boonana Trojan horse appears to have been spread via Facebook in messages asking “is this you in this video”.
IMPORTANT! PLEASE READ. Hi <username>. Is this you in this video here : <link>
Clicking on the link takes you to an external website that displays an image of a woman (grabbed from the Hot Or Not website).
Visitors to the webpage who want to see more are prompted to give permission for an applet called JPhotoAlbum.class to be run from inside a Java Archive (JAR) called JNANA.TSA.
Whether you are running Windows, Mac OS X or Linux on your computer, if you give permission for the highly obfuscated Java app to run then the malware will sneakily download a variety of programs from the internet which it will then execute on your computer.
Files which can be downloaded include:
applet_hosts.txt
cplibs.zip
jnana_12.0.tsa
jnana.pix
OSXDriverUpdates.tar
pax_wintl.crc
pax_wintl.zip
rawpct.crc
rawpct.zip
rvwop.crc
rvwop.zip
VfxdSys.zip
WinStart.zip
Sophos detects various components of the attack as Troj/Boonana-A, Troj/KoobStrt-A, Troj/KoobInst-A, Troj/KoobCls-A, Troj/Agent-PDY, Troj/DwnLdr-IOX, and Troj/DwnLdr-IOY. In addition, Sophos’s web protection blocks access to the malicious webpages.
Don’t forget to always be careful about what links you click on, even if they appear to have been shared by someone you know on Facebook.
And if you’re a user of Linux or Mac OS X, don’t think that the malware problem only exists on Windows. Malicious hackers are becoming increasingly interested in targeting other platforms, and if users of your operating system have a reputation for being dismissive about the risk of malware on your preferred OS, the bad guys may consider you a soft target.
