Malware, Threat Management, Vulnerability Management

Koobface exploit for Macs circulating in the wild

Credit the mass popularity of Facebook and Twitter with bringing malware to the Macintosh.

Security firm Intego issued an alert Wednesday announcing that its research team has discovered a Mac version of the notorious Koobface worm, known to propagate on social networking sites

In the past, machines compromised by Koobface have been hit with a potent trojan cocktail that can block access to security websites, change DNS settings, install rogue anti-virus software and steal passwords.

In the case of Mac version of Koobface, the worm spreads by way of a malicious Java applet, according to a security memo from Intego.

Users are baited to click on links appearing on popular social media sites such as Facebook, MySpace and Twitter – usually under the guise of a video – which leads them to a malicious website that attempts to load the applet.

"Users can deny or allow the applet access to their computers," the memo said. "If they click 'Deny,' the applet will not run, and no infection will occur. If they click 'Allow,' however, the applet will run and will attempt to download files from one or more remote servers." 

Intego, though, rated the threat as low-risk.

"While Intego has evidence of several infections in the wild, we are not currently able to go beyond this step, as either the malicious malware has bugs preventing it from running correctly, or the servers it contacts are not active or are not serving the correct files," according to the memo.

Users are encouraged to avoid accepting questionable Java applets.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.