Worm:Java/Boonana


First posted on 04 November 2010.
Source: SecurityHome

Aliases :

Worm:Java/Boonana is also known as Java.Trojan.Boonana.C (BitDefender), Java/Boonana.A (ESET), Troj/KoobCls-A (Sophos), JAVA_DLOADER.WGA (Trend Micro).

Explanation :

Worm:Java/Boonana is a worm in the form of a Java class applet. If run, it uses Internet cookies for the social networking site Facebook.com to post messages, from the logged on user's account to other accounts, with a hyperlink pointing to a copy of the worm.

Installation

The worm is encountered if a user visits a webpage hosting a copy of the worm as a Java applet. In the wild, this worm was hosted on a site named "fbookme.x10.mx". The worm may be present on the local computer as files named "rvwop." and "FaceBookWorm.class" or a similarly named file.

Spreads via…

Facebook.com message re-posting

When the applet runs, it attempts to steal Internet cookies associated with the social network site Facebook.com to post messages from the logged on user's account. A typical message sent by the worm and posted on another contact's "wall" may have the following content:

"IMPORTANT! PLEASE READ. Hi <friend contact name>.
Is this you in this video here : <hyperlink>"

If the recipient visits the hyperlink, it could infect the local computer with a copy of the worm and further spread to other Facebook.com accounts.

Analysis by Jaime Wong

Last update 04 November 2010

 
