Vulnerabilities in Boonana Botnet Allow Exploitation of Infected PCs: Symantec

Researchers from Symantec the security company have cautioned that there are a number of security flaws in the cross-platform Trojan namely Boonana that can let anybody spot them and then exploit the PCs contaminated with it.

Notably, it was in October 2010 that Boonana first emerged disguised as a malicious Java program, which issued commands for contaminating both Mac OS X and Windows computers. Conventionally, the Trojan impacts Twitter and Facebook the social-networking websites.

Moreover, when a PC is infected with Boonana, the system becomes part of a botnet displaying peer-to-peer architecture, while containing certain communication protocol which helps revive from shutdown attempts.

Warns Security Researcher Harshit Nayyar at Symantec, although it was expected that the protocol would make the botnet robust to some extent, but the vulnerabilities within it let anybody with the correct knowledge abuse them for profit or simply fun. Softpedia.com published Nayyar's statement on January 17, 2011. Describing the latest threat, Symantec says that the company's researchers have identified it as Jnanabot.

Meanwhile, Nayyar further blogs that the flaws can in the minimum be abused for gathering details regarding the contaminated PCs, while in the worst situation, they are capable of being used for establishing an active botnet running simultaneously alternatively making it impossible to gain control of one that is already present. Symantec.com reported this on January 18, 2011.

Moreover, according to the researcher, an attack can be successful if the target machine is identified, its information collected, flaw within its active network service exploited, and more attacks executed.

In the meantime, ESET another security company has forecasted for 2011 that there'll be more cross-platform attacks utilizing Java and other vectors that are independent of operating systems, a prediction that Symantec's latest discovery appears to have substantiated. Likewise one more prediction by ESET that Symantec has proved right is that malicious software is likely to go on causing a prominent risk online during 2011.

Ultimately for computer-users to remain safe from the above malicious infection, they've been urged for loading anti-virus software and keeping it up-to-date as well as scanning their PCs for any possible presence of Boonana.

Related article: Vulnerabilities in Web Applications Invite Hackers’ Activities

» SPAMfighter News - 1/25/2011