Koobface turns eyes towards Macs

gallery

A Mac version of the infamous Koobface worm has been discovered for the first time.

The malware propagates via social networks like Facebook and Twitter, and once installed via a Trojan horse, it implants a rootkit, a backdoor as well as a command and control centre.

Intego’s Virus Monitoring Centre had been tracking the Mac version of the worm but did not feel compelled to issue a release about it given the low risk it posed.

The security firm has discovered a number of infections in the wild, although they have not caused any noticeable damage.

“Either the malicious malware has bugs preventing it from running correctly, or the servers it contacts are not active or are not serving the correct files,” Intego said.

“While this is an especially malicious piece of malware, the current Mac OS X implementation is flawed and the threat is therefore low.”

Koobface attackers use social engineering tricks to get users to click on a link, which will direct the target to a malicious website that will then try to load a Java applet.

This will bring up a standard Mac OS X Java security alert and if the user clicks ‘Allow’ the applet will run and try to download files from one or more remote servers.

“If files are downloaded, they are stored in an invisible folder (.jnana) in the current user’s home folder,” Intego explained.

“These files include elements designed to infect Mac OS X, Windows and Linux. The Java applet should also download an installer that will then launch and attempt to install the malware.”

Koobface was first spotted in 2008, using subject headers such as "You look just awesome in this new movie," to lure users in.

Earlier this year, it emerged Koobface attackers were tracking the success of their fake YouTube pages.

Email to a friend

Print this page