A new hybrid of the Koobface worm that targets Mac OS X, Windows and Linux users is spreading through Facebook, Twitter and MySpace.
Antivirus firms have reported the new malware, dubbed ‘Boonana' when Intego and SecureMac warned Mac OS X users that the worm is aimed firmly at them.
Boonana spreads through messages posted to social networking and microblogging sites. These say “Is this you in the video?” and link to a malicious site. People who click are then asked to run a Java applet.
Symantec researcher Jeet Morparia said: “The [malware] is written in Java, which is a platform independent language, Individual modules contain Java compiled files, which are packaged in a Java runtime executable. As long as a computer has the Java Runtime Environment (JRE) installed on it, which is often the case across all the platforms, the threat can execute itself.”
The worm is particularly nasty as it includes an IRC connector used by the hacker to issue commands to hijacked computers, a keylogger to steal usernames and passwords and a rootkit to hide it from security software. Boonana includes a component that reads browser cookies of users logged into Facebook then posts more messages and links on the site using those Facebook accounts.
Kitguru says: Koobface is an anagram of Facebook, but isn't nearly as nice.
ouch, this is a sophisticated bit of code.