SecureMac discovers Mac OS X trojan horse

Macintosh security firm SecureMac on Wednesday discovered a new trojan affecting Mac OS X, including Snow Leopard.

The trojan, which has been dubbed “Boonana Trojan Horse,” is being widely distributed on social networking websites like Facebook, according to Nicholas Raba, the founder of SecureMac.com.

Raba told The Loop that having the trojan distributed through social networking sites makes it a more critical threat because it is such a widely used network. As he pointed out, users of Facebook trust their friends and are more willing to click on a link from a friend.

SecureMac describes the trojan like this:

“When a user clicks the infected link, the trojan initially runs as a Java applet, which downloads other files to the computer, including an installer, which launches automatically. When run, the installer modifies system files to bypass the need for passwords, allowing outside access to all files on the system. Additionally, the trojan sets itself to run invisibly in the background at startup, and periodically checks in with command and control servers to report information on the infected system. While running, the trojan horse hijacks user accounts to spread itself further via spam messages. Users have reported the trojan is spreading through e-mail as well as social media sites.”

Raba said the trojan modifies the sudo file in Mac OS X, so it no longer needs a root password in order to execute commands. The trojan contains files to install on both Mac OS X and Windows systems, so all users are potentially vulnerable.
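As a defender's check for the sudo change Raba describes, the following added example (not code from SecureMac or The Loop) scans sudoers text for the two standard sudoers settings that let commands run without a password prompt: the `NOPASSWD` tag and `Defaults !authenticate`. The article does not say which change the trojan makes; the sample file, the function names and the choice of checks are assumptions.

```python
import re
import sys

# Constructed sample, not taken from an infected machine: a typical sudoers
# file with two password-bypass entries added.
SAMPLE = r"""
# sudoers (constructed sample)
Defaults env_reset
root    ALL=(ALL) ALL
%admin  ALL=(ALL) ALL
# a comment that mentions NOPASSWD: must not be flagged
%admin  ALL=(ALL) \
        NOPASSWD: ALL
Defaults:alice !authenticate
"""

COMMENT = re.compile(r"#(?!include|\d).*")   # keep #include / #includedir and #uid
CHECKS = [
    ("NOPASSWD tag", re.compile(r"\bNOPASSWD\s*:")),
    ("authenticate disabled", re.compile(r"^Defaults\b.*!\s*authenticate\b")),
]

def logical_lines(text):
    """Yield (line_no, text) with backslash continuations joined, comments removed."""
    buf, start = "", None
    for no, raw in enumerate(text.splitlines(), 1):
        start = start or no
        if raw.rstrip().endswith("\\"):
            buf += raw.rstrip()[:-1] + " "
            continue
        line = COMMENT.sub("", buf + raw).strip()
        if line:
            yield start, line
        buf, start = "", None

def audit(text):
    """Return [(line_no, reason, rule)] for entries that let sudo run without a password."""
    return [(no, reason, " ".join(line.split()))
            for no, line in logical_lines(text)
            for reason, pattern in CHECKS if pattern.search(line)]

if __name__ == "__main__":
    # Pass a path to a copy of the file (for example /etc/sudoers, read as root).
    text = open(sys.argv[1]).read() if len(sys.argv) > 1 else SAMPLE
    for no, reason, rule in audit(text):
        print(f"line {no}: {reason}: {rule}")
```

The check reads only the text it is given, so any file pulled in by `#include` or `#includedir` has to be passed in separately.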

SecureMac’s MacScan will remove the trojan if you are already infected. Raba said the company’s 30-day free trial will remove it as well. SecureMac will also be posting instructions on its website to manually remove the trojan from your system. Instructions are expected to be posted this afternoon.