Last week we spoke about the Boonana cross-platform malware, which uses a malicious Java applet to deliver a cross-platform attack that attempts to download further malware to computers running Windows, Unix and Mac OS X.
Since then we have seen some variants of the original Boonana attack. The samples we have seen have been functionally the same, with the hackers behind them seemingly having obfuscated their code to try and waltz around detection.
Their attempts haven’t been good enough to get past Sophos’s products so far (including our new free anti-virus for Mac home users), and we haven’t had to update our generic detection method.
In the samples we have analysed to date, the attack specifically targets Windows and Mac OS X systems, and just happens to infect other platforms that run Java. Depending upon the flavour of Unix, it doesn’t usually complete its ‘life cycle’ if you’re not running Windows or Mac OS X systems.
Of course, we will update our detection of Troj/Boonana should we see new variants that require it.
In the meantime, watch this video I made last week demonstrating the original version of this attack on Windows, Mac OS X and Ubuntu:
6 comments on “New variant of cross-platform Boonana malware discovered”
So basically, no protection under Linux aside from declining install, correct?
It seems like it might be an odd question to ask, but you never know these days.
Sophos Anti-Virus for Linux detects it too.
Our Windows/Mac/Linux products all include on-access scanners (i.e. block-and-prevent malware), and all share the same set of malware identities. So if the Mac product detects it, the Linux one does, too.
An injury to one is an injury to all 🙂
Fair enough… but what about the Linux home users?
I know they aren't as common as Windows desktop users, but do you guys offer free security for them… or is it just the lucky Mac users?
Sorry, I don't mean to sound mean… I just want to check up, that's all.
Not a mean question at all! A great question! And the answer is…
…no. Sorry. Just the lucky Mac users.
At least, just Mac so far. Of course, our marketing department will see your request, so you never know 🙂
Well, I'm also hoping for a free home version for Windows as well… but I figure it's less likely, haha.
But here's to hoping.
Yes… the funny thing is only the fools will fall for this. As with a majority of *nix, a good portion of these malware you have to legitimately allow it to execute on your system. All in all it's not really a trojan that can execute on a physical machine at all, more or less a "Virtual" machine virus. Please SOPHOS restrain yourself from sensationalist posts.