SecureMac, a site devoted to Mac OS X security, claims to have discovered a new variant of the Boonana Trojan horse.

Last week the team reported the Trojan horse dubbed trojan.osx.boonana.a, reportedly spreading through popular social networking sites including Facebook, disguised as a video.

The Trojan appeared as a link in messages on social networking sites with the subject "Is this you in this video?" When run, the installer modified system files to bypass the need for passwords claimed SecureMac.

Now the new variant, discovered by ESET, the antivirus, firewall and anti-spam software provider, trojan.osx.boonana.b, behaves in a similar manner to the original malware, and is currently being distributed on multiple sites.

"In addition to the website documented by ESET as currently distributing the malware, SecureMac has identified two more websites that are currently hosting the new malware variant," SecureMac notes.

"Rather than the initial site which tricks users into running (and installing) the malware, these servers seem to be hosting update code for the malware. The infected machines contact these servers looking for updates to the malware payload. At the time of analysis (2 November, 2010), these servers were live, and distributing malware."

SecureMac adds the servers contain what appear to be keystroke logs from infected machines, including usernames and passwords.


"SecureMac's initial analysis of Boonana as a new unique piece of malware, which does not share a common code-base with the previously discovered Koobface worm. Additionally, Microsoft identifies the malware as Trojan:Java/Boonana, and rates it as a severe threat for both Mac and Windows."

"Another security vendor has verified that the Boonana malware is capable of infecting Linux machines, and will proceed to join a botnet once installed. The malware also affects Mac OS X and Microsoft Windows."

SecureMac offers MacScan, which claims to quickly detect, isolate and remove malware from Mac computers using both real-time spyware definition updating and "unique detection" methods.

A SecureMac Boonana Trojan Horse Advisory can be found here.

Earlier this week, software security specialists Sophos announced the availability of a free Mac anti-virus product for Mac home users. Sophos Anti-Virus Home Edition for Mac is available free to Mac users without a time limit, and requiring no registration.

The free software promises to protect against all known malware, including both Mac and Windows-specific threats such as Trojan horses, viruses, worms and spyware. Sophos Anti-Virus Home Edition for Mac has been released in response to growing concern about Mac malware, the company insists.  

Sophos Anti-Virus Home Edition is Universal and requires Mac OS X 10.4 Tiger or later. Mac users can visit to learn more and download Sophos Anti-Virus Home Edition. Additionally, Sophos has also launched a dedicated Mac support forum to allow users to interact with others in their community and get questions answered about the product or Mac security: