A new version of the infamous Koobface worm designed to attack Mac OS X computers is spreading through Facebook and other social networking sites, security experts warn.
Security software maker Intego says this Mac OS X version of the Koobface worm is being served as part of a multi-platform attack that uses a malicious Java applet to attack users. According to Intego, the applet includes a prompt to install the malicious software.
Intego notes that if the download is allowed, “it runs a local web server and an IRC server, acts as part of a botnet, acts as a DNS changer, and can activate a number of other functions, either through files initially installed or other files downloaded subsequently. It spreads by posting messages on Facebook, MySpace and Twitter, usually trying to get people to click a link to view some sort of video.”
SecureMac also has a writeup on what appears to be the same threat, which it calls OSX.Boonana.a. SecureMac says that “there have been reports of similar behavior in recent trojan horses targeting Microsoft Windows, but they have not included cross-platform capabilities until now.”
It is not surprising that attackers would begin leveraging Java to attack Mac users with threats that have traditionally only menaced Windows users. My research shows that Java is now the leading vector of attacks against Windows systems, findings that recently were buttressed by oodles of attack data released by Microsoft. Also, Java was designed to be a cross-platform technology that would allow applications to run seamlessly regardless of the operating system relied upon by the user. It makes sense for attackers to consider Java as a platform-agnostic vehicle for delivering platform-specific malicious software.
Mac users can turn off Java in Safari by unchecking the box next to “Enable Java” in the “Security” panel of the Safari preferences panel. Firefox users can disable Java in the browser via the “Plugins” tab of the Add-ons menu.
Mac OS X machines ship with their own versions of Java, which Apple updates from time to time. Last week, Apple shipped a new version of Java for OS X that fixes at least four security holes in the program. Updates are available through Apple Software Update or Apple Downloads.
Malware that attacks Mac users may not have Java to kick around for much longer. As The Register and a number of other tech publications reported last week, Apple has “deprecated” Java on Mac OS X, meaning it will pay even less attention to upkeep of the platform, and it may kill the platform entirely on a future version of its operating system.
Update, Oct. 30, 1:12 p.m. ET: Researchers at ParetoLogic have published an interesting blog post showing that this attack also can infect Linux installations with Java installed.