Print 117 comment(s) - last by JKflipflop98.. on Nov 6 at 8:52 PM

Mac users are now at risky of getting a nasty virus.  (Source: Listmania)

If it you approve, you are a sad noob, and your Mac is infected.  (Source: Intego)
Mac: Hi PC, I'm not feeling so hot today... PC: Oh, I know ALL about that. I think you have a virus!

Security experts by and large agree that security via obscurity is not a wise model for protecting customers over the long term.  That's exactly the model Apple has employed successfully for some time now.  However, its luck finally appears to be running short.

Hot on the heels of a newly discovered iOS exploit that allows access to locked iPhones, new reports [1] [2] from security research firms 
SecureFirm and Intego reveals that a new trojan is targeting Mac users using a vulnerability in OS X's Java player.

According to the 
Intego report the new malware, trojan.osx.boonana.a, is really a reworked version of the Koobface malware, which has attacked Windows in the past.  The malware acts as a worm when it spreads and as a trojan when it is infecting your computer.

Users may encounter the worm via links posted on Facebook, MySpace, Twitter, and other websites.  When clicking the link, the applet attempts to run.  Users can stop the infection before it starts by denying the applet permission to run when OS X's Java player pops up a dialogue.

If they allow the applet to run, they may get another warning if they have a Mac antispyware program like VirusBarrier X6’s Anti-Spyware installed.  If they don't get the warning, or choose to disregard it, the applet will attempt to make a connection with a remote server and installs a rootkit, backdoor, command and control, and other elements.  These files are copied to an invisible folder -- .jnana -- in the user's home directory.

If the virus is allowed to carry out its infection process, the unsuspecting Mac user may find themselves part of a botnet.  When they log on social networks, the virus will post links to spread the infection.  It may also send spam e-mail via their logged-in accounts

Other variants of this virus target Windows and Linux, making it a rare true cross-platform virus.  All these viruses share the fact that they use the Java player as a route of attack.  According to 
Intego, other OS X-specific versions of the virus have shown up, but most are broken or try to connect to offline servers.

The malware could become potentially more dangerous in the future if it is able to eliminate the warnings from the Java player and/or change the name/location of the infection directory, making it hard for virus removal software to find it.

While it does not appear that this virus takes advantage of any unique flaws in Apple's version of Java, some security experts say that Apple's Java player may have more vulnerabilities than Window's.  That's because Apple makes its own Java player, which according to an e-mailreportedly attributed to Apple Chief Executive Steve Jobs, is always a version behind the official Linux/Windows builds from Sun and Oracle.

Apple is reportedly considering ditching its Java player in future versions of OS X, such as OS X 10.7 "Lion".  Similarly it's considering rejecting Flash, another multimedia web technology.  Ultimately these efforts may eliminate some routes of attack, but now that Apple is being targeted it must realize -- there is 
always a back door.


Comments     Threshold

This article is over a month old, voting and posting comments is disabled

By earlgpz750 on 10/28/2010 12:07:59 PM , Rating: 2
Wow - Fanboy -
To show an example of an infected Mac is like asking for every single Mac Owner to Come to one site and log yes or no if they have it.

Look there are reasons why an individual wouldnt show on a site that they are infected. Jobs will come knocking down the door or some how have that retracted.

Reality is , some people are not that smart and may not come forward with an infection 1) Cause they dont know 2) Dont know that they should report to THIS FORUM

Get over your self with MAC and realize the truth "If it is made by man, it can be broken by man"

That being said, no matter what you say that Mac is more secure is a matter of perspective not reality.

Sure Windows has its flaws, but there is no perfect software OS out there that will be flexible and user (non technical) friendly.

I have been an admin and support for many people so I have seen everyday users and understand thier concerns and seen their habits and usage.

Heres another thought: a Large US company gets their security punched though many layers before they ever shut it of and change connections. But they never advertise that? Why because its bad publicity. So why dont you ask all companies to tell you their security flaws instead of looking for 1 little MAC device?

Again in BOLD for you Tony and your reading pleasure "If it is made by man, it can be broken by man"

Also remember before Jobs kept saying Windows 95/98 should be an "OPEN PLATFORM" and give users the rights to install what they want. All of a sudden he is locking down his OS. Geez,so in one breath he says open system, now that his market share is growing and the false sense of security, he locks and says Yay or Nay to what can and cannot be installed or preloaded?

I own mac and windows lol ironiclly my Macbook Pro is my fastest WINDOWS7 system.

so judging from your remarks here on the forum, you are Job Cult follower and believe everything he says is truth. Mac Evangelistic marketing is fine for competition, but seriously; defending them is honorable outside the fact you think MAC is still Virus Proof.

"This week I got an iPhone. This weekend I got four chargers so I can keep it charged everywhere I go and a land line so I can actually make phone calls." -- Facebook CEO Mark Zuckerberg

Most Popular ArticlesSmartphone Screen Protectors – What To Look For
September 21, 2016, 9:33 AM
UN Meeting to Tackle Antimicrobial Resistance
September 21, 2016, 9:52 AM
Walmart may get "Robot Shopping Carts?"
September 17, 2016, 6:01 AM
5 Cases for iPhone 7 and 7 iPhone Plus
September 18, 2016, 10:08 AM
Update: Problem-Free Galaxy Note7s CPSC Approved
September 22, 2016, 5:30 AM

Copyright 2016 DailyTech LLC. - RSS Feed | Advertise | About Us | Ethics | FAQ | Terms, Conditions & Privacy Information | Kristopher Kubicki