Koobface Targets Mac Users on Social Networks

A Mac version of the infamous Koobface worm is making the rounds on social networking sites, according to security researchers.

Koobface has a long history on enmity among users of social networking sites, having first appeared in 2008. Traditionally, Koobface targets Windows users on Facebook, Twitter, MySpace and other popular sites.

This time, according to an analysis by Intego, the malware is being served as part of a multiplatform attack via a malicious Java applet.

“Users can deny or allow the applet access to their computers,” Intego reported. “If they click Deny, the applet will not run, and no infection will occur. If they click Allow, however, the applet will run, and will attempt to download files from one or more remote servers.”

Downloaded files are stored in an invisible folder (.jnana) in the current user’s home folder, Intego’s advisory continued. These files include elements designed to infect Mac OS X, Windows and Linux.

“The Java applet should also download an installer that will then launch and attempt to install the malware,” according to Intego. “While [the company] has evidence of several infections in the wild, we are not currently able to go beyond this step, as either the malicious malware has bugs preventing it from running correctly, or the servers it contacts are not active or are not serving the correct files.”

If it installs correctly, the malware potentially would function the same as it does on Windows. The malware spreads by posting messages that typically try to entice people into clicking a link to view a video, the company said.

An advisory on the issue on the SecureMac site warned that the malware is currently appearing on sites with the message “Is this you in this video?”