Security researchers are warning users about a version of Koobface targeting Mac users that is spreading on Facebook and other social networks.
A Mac version of the infamous Koobface worm is making the rounds on social
networking sites, according to security researchers.
Koobface has a long history of enmity among users of social networking sites,
having first appeared in 2008. Traditionally, Koobface targets Windows users on
Facebook, Twitter, MySpace and other popular sites.
This time, according to an analysis by Intego, the malware is being served as
part of a multiplatform attack via a malicious Java applet.
"Users can deny or allow the applet access to their computers,"
Intego reported. "If they click Deny, the applet will not run, and no
infection will occur. If they click Allow, however, the applet will run, and
will attempt to download files from one or more remote servers."
Downloaded files are stored in an invisible folder (.jnana) in the current
user's home folder, Intego's advisory continued. These files include elements
designed to infect Mac OS X, Windows and Linux.
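A host check for the folder named in the advisory, written as an added example (not code from Intego or SecureMac). The home-directory roots passed on the command line, such as /Users and /home, are assumptions; a hit is a lead to investigate, since the advisory gives only the folder name.

```shell
#!/bin/sh
# Added example: look for the ".jnana" folder named in Intego's advisory
# inside each user's home directory.
# Usage (roots are assumptions, macOS and Linux defaults):
#   sh check_jnana.sh /Users /home

IOC_DIR=".jnana"   # folder name taken from the advisory text

# scan_homes ROOT...
# Prints one line per hit: "<path><TAB><number of regular files inside>".
# Missing or unreadable roots are skipped. Always returns 0.
scan_homes() {
    for root in "$@"; do
        [ -d "$root" ] || continue
        for home in "$root"/*; do
            [ -d "$home" ] || continue
            hit="$home/$IOC_DIR"
            # -L also reports the name when it is a symlink
            if [ -d "$hit" ] || [ -L "$hit" ]; then
                count=$(find "$hit" -type f 2>/dev/null | wc -l | tr -d ' ')
                printf '%s\t%s\n' "$hit" "$count"
            fi
        done
    done
    return 0
}

# count_hits ROOT... -> number of home directories containing the folder
count_hits() {
    scan_homes "$@" | wc -l | tr -d ' '
}

# Scan only when roots are given on the command line.
if [ "$#" -gt 0 ]; then
    scan_homes "$@"
fi
```

Run it with enough privilege to read other users' home directories, otherwise folders in those homes are silently missed.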
"The Java applet should also download an installer that will then
launch and attempt to install the malware," according to Intego. "While
[the company] has evidence of several infections in the wild, we are not
currently able to go beyond this step, as either the malicious malware has
bugs preventing it from running correctly, or the servers it contacts are not
active or are not serving the correct files."
If it installs correctly, the malware potentially would function the same as
it does on Windows. The malware spreads by posting messages that typically try
to entice people into clicking a link to view a video, the company said.
An advisory on the issue on the SecureMac site warned that the malware is
currently appearing on sites with the message "Is this you in this video?"