Last week we spoke about the Boonana cross-platform malware, using a malicious Java applet to deliver a cross-platform attack that attempts to download further malware to computers running Windows, Unix and Mac OS X.
Since then some we have seen variants of the original Boonana attack. The samples we have seen have been functionally the same, with the hackers behind them seemingly having obfuscated their code to try and waltz around detection.
Their attempts haven’t been good enough to get past Sophos’s products so far (including our new free anti-virus for Mac home users), and we haven’t had to update our generic detection method.
In the samples we have analysed to date, the attack specifically targets Windows and Mac OS X systems, and just happens to infect other platforms that run Java. Depending upon the flavour of Unix, it doesn’t usually complete its ‘life cycle’ if you’re not running Windows or Mac OS X systems.
Of course, we will update our detection of Troj/Boonana should we see new variants that require it.
In the meantime, watch this video I made last week demonstrating the original version of this attack on Windows, Mac OS X and Ubuntu:
[youtube=http://www.youtube.com/watch?v=I7RcKVwoNME&w=500&h=308&rel=0]