Mac anti-Virus Programs

[Ace247]

New variant of Boonana Trojan (trojan.osx.boonana.b) discovered
SecureMac Release
Related: Boonana Trojan Horse Analysis


Posted: November 4th, 2010

Security Risk: Critical

A new variant of the Boonana malware, first documented and named by SecureMac, has been discovered by ESET. The new variant, trojan.osx.boonana.b, behaves in a very similar manner to the original malware, and is currently being distributed on multiple sites. In addition to the website documented by ESET as currently distributing the malware, SecureMac has identified two more websites that are currently hosting the new malware variant. Rather than the initial site which tricks users into running (and installing) the malware, these servers seem to be hosting update code for the malware. The infected machines contact these servers looking for updates to the malware payload. At the time of analysis (November 2nd, 2010), these servers were live, and distributing malware.

In addition to the malware updates, these servers contain what appear to be keystroke logs from infected machines, including usernames and passwords.

With a quick glance, Boonana may look like a variant of Koobface, which was discovered for Windows back in 2008. However, ESET has also confirmed SecureMac's initial analysis of Boonana as a new unique piece of malware, which does not share a common code-base with the previously discovered Koobface worm. ESET's threat analysis of Boonana can be found at: http://blog.eset.com/2010/10/31/boonana-threat-analysis

Additionally, Microsoft identifies the malware as Trojan:Java/Boonana, and rates it as a severe threat for both Mac and Windows: http://www.microsoft.com/security/portal/Threat/Encyclopedia/Entry.aspx?Name=Trojan%3AJava%2FBoonana

Microsoft's analysis of the OS X version of Boonana, also with a severe threat level, can be found at: http://www.microsoft.com/security/portal/Threat/Encyclopedia/Entry.aspx?Name=Trojan%3AMacOS_X%2FBoonana

Another security vendor has verified that the Boonana malware is capable of infecting Linux machines, and will proceed to join a botnet once installed. The malware also affects Mac OS X and Microsoft Windows.

SecureMac's free Boonana Trojan Removal Tool can detect and remove the threat for Apple's Mac OS X; manual removal instructions are included in the SecureMac writeups. This free Boonana Trojan Horse Removal Tool ( http://www.securemac.com/boonana/ ) runs on Mac OS X 10.5 and higher - Download from Users may also run MacScan Security and Privacy software ( http://www.securemac.com/ ) for Mac OS X to detect the Boonana Trojan Horse. MacScan runs on Mac OS X 10.2.4 or higher and includes a free 30-day trial. Existing users are encouraged to download the latest malware definitions before scanning.

Any iMac users...so far it supposedly has 'only' affected a few thousand machines, but its still clearly doing the rounds
Up to now I've never had any anti virus software on my Mac but I thinks it's time to install it now.
Securemac is £35 and I think around £20 a year to keep it updated. I use this one ..it's Free .... http://www.sophos.com/products/free-tools/free-mac-anti-virus/ 

[psa@hull]

I use Clamavx it'd free and been good so far.  Will av a look at the you suggest Ace.

[Ace247]

Yeah there are few about now, this one appears to do the job ok and doesn't slow the whole thing down at all...

[marko]

A virus on a mac? I didn't know they could get them.

Thinking about it. Why have macs been virus free compared to the problems pc's have?

[Ace247]

A virus on a mac? I didn't know they could get them.
Thinking about it. Why have macs been virus free compared to the problems pc's have?

This new virus has highlighted a new approach in cross-platform attacks, that will undoubtedly grow as more people utilise Social Networking systems and the fact that Apple is growing very fast very quickly [they have a financial status that rivals Microsoft currently and the internet is riddled with stories of Apple buying up companies...one being Sony]
...and there are a lot of people that hate Apple, as much as others hate Windows.

Its very rare that they have incorporated Linux machines, as this is their own testing OS [generally speaking] from a hackers point of view, but this is a sign of a potential shift to create the 'ultimate' virus which could effect every computer based gadget you have in your possession - laptop, desktop, mobile phone, tablet etc...

[Hígh Treason]

@marko; Because they are less popular and because people that write Viri are usually interested in programming, programmers will rarely buy a Mac because it has nothing to offer them, Apple Operating System is based on the UNIX Kernel, Linux is also based on this Kernel and is free, so if they want a Unix system (Most serious programmers do) they will build a computer (Cheaper than an Apple) and put Linux (Which is free) on that system, if they want to make viruses it is ideal, because they can write it for Windows knowing this will affect the most people, but there is less risk of them being able to set it off on their own system by accident, they will often test it in a Virtual Machine (Think of Virtual Console on Wii, it plays SNES games, in the same way, a Virtual Machine could be running Windows on the Linux system allowing the programmer to isolate the virus whilst testing).

Hehe, I used to write Viruses - I never compiled any that could spread beyond their own folder and none have ever left my Virtual Hard Drive. I also used to write a lot of programs to work around security, MikyByte will probably know what I am on about

Anyhow, ClamWin should work on a Mac, usually programs that can be run in Linux work on Mac if the correct libraries are installed, but if there is no Binaries available, you might have to compile it yourself.

[marko]

I had one of my Charlie Brown moments there but think I understand

I always wondered why they weren't as popular as pc's. I thought it was just a choice thing like Playstation and Xbox.