Windows users have been plagued for years with viruses, keyloggers, Trojan horse programs, and other forms of malware (malevolent software). During this time, Macintosh users have simply smiled as their computers were safe and secure. Most Mac users don't even bother purchasing anti-virus programs as they have never had a need for such things. This complacency may be ending, however.
A newly discovered Trojan horse spreading through social networking sites, such as Facebook, MySpace and Twitter, targets Apple's Mac OS X operating system, including the latest version, 10.6 Snow Leopard, by baiting users into clicking a link. Computers become infected when someone visits a social networking site and sees a message that reads, "Is this you in this video?" Clicking the infected link loads an infected file into your computer.
Antivirus firm Intego issued a notice Wednesday suggesting that the Trojan, a Mac version of the "Koobface" worm, carries a "low risk." The security firm said that the current Mac OS X implementation is flawed, though it admitted the threat exists and is likely to become a more legitimate concern in the future. Apple is expected to soon release an operating system update that will block the new Trojan.
The program, called trojan.osx.boonana.a, runs a Java applet that attempts to download files to any Macintosh system. It then automatically launches an installer that modifies system files and allows remote access to all files on the system. It also checks in with control servers to report information from the infected system. The Trojan also automatically runs in the background at startup, and attempts to hide its activities across multiple files. The thieves who write this malware are then free to remotely connect to your computer and copy any files they wish.
If your computer becomes infected, it is easily cured. SecureMac has released a FREE removal tool to eliminate this threat, which can be downloaded by visiting http://www.securemac.com or downloaded directly from http://macscan.securemac.com/files/BTRT.dmg
Intego's VirusBarrier X6 and X5 at http://www.intego.com/virusbarrier/ sells for $49.95 and will detect and remove the malware. It also offers ongoing protection to block future viruses and Trojans, unlike the free SecureMac program that only removes existing problems.
Luckily, the new Trojan is easily avoided. The safest course of action is to not use social networking sites (Facebook, MySpace and Twitter). However, if you insist on using such sites, never click on any messages or links, even if those messages and links that claim to be from people you know. Your friends' names and email addresses are easily forged by malware programs. The message "Is this you in this video?" is an obvious trap but future versions of this malware could easily use different messages.
Users can further protect themselves from infection by turning off Java in their web browser, although this will also block many legitimate web sites. Java can be turned off in Safari by clicking the Security tab under Safari Preferences, and making sure the "Enable Java" checkbox is unchecked. Firefox, Opera, Camino, and other web browsers also can run without Java.
Finally, use the security features built into OS X. Turn on the built-in firewall, especially when a computer is shared by multiple users. Instructions for turning it on may be found on a number of web sites, including at http://www.cmu.edu/computing/doc/security/mac/firewall.html
Again, the simplest and safest solution is to not visit web sites where viruses and Trojans are known to exist. At this time, the highest risk is on the social networking web sites.
Linux computers are not affected by the new Macintosh Trojan or by the various Windows viruses and Trojans.