ESET Discovers Fresh Boonana Variant
The Boonana Trojan, which SecureMac first identified and named, now has a fresh version that ESET has found and named Trojan.osx.boonana.b. SecureMac confirmed ESET's reports.
ESET states that the earlier Boonana version spread chiefly through Facebook messages that offered recipients a video reachable by following a web link. The latest one, however, apparently spreads through an e-mail attachment, with the e-mail being sent out from a contact listed on the computer of an infected user.
The e-mail, which appears to be a suicide note, tells the recipient that because he is in the sender's address book, the sender thought he would inform his friend (the recipient) that he is going to kill himself. The writer then asks the recipient to click on a given web link, which leads to a video, and learn the reasons for the decision. Finally, the writer concludes by thanking the recipient for being his pal.
But if anyone follows the web link, he installs a Java applet that seeks administrative access as well as permission to install additional applets obtainable from the same server.
According to SecureMac, if the user proceeds further, the installer modifies system files so that no password is asked for, thereby making it possible for the attacker to access data on the infected computer. Moreover, whenever the system starts up, the Trojan runs automatically without drawing attention. It then regularly contacts the command-and-control servers and transmits data from the infected PC. When active, the Trojan compromises user accounts to spread its payload to other PCs through spam, SecureMac explains. Macnn.com reported this on November 4, 2010.
Meanwhile, SecureMac and ESET have jointly detected 3 websites that update the new Boonana's code and gather data from the infected systems.
Interestingly, at first glance the latest Boonana appears to be a variant of the Koobface malware that was found targeting Windows during 2008. Nevertheless, ESET agrees with SecureMac, which said that Boonana is a distinct piece of malware whose code base differs from that of the earlier Koobface version.
Finally, to stay safe from the latest Boonana, users are advised not to run a Java applet when asked to.
» SPAMfighter News - 13-11-2010