Trojan:MacOS_X/Boonana
First posted on 04 November 2010.
Source: SecurityHome
Aliases :
There are no other names known for Trojan:MacOS_X/Boonana.
Explanation :
Trojan:MacOS_X/Boonana is a file that runs on MacOS X operating systems. In the wild, it is known to be downloaded by malware detected as Trojan:Java/Boonana.
Installation

Trojan:MacOS_X/Boonana may arrive as a file named OSXDriverUpdates.tar. When executed, Trojan:MacOS_X/Boonana is installed in the root volume of the MacOS X system. It sets the following properties on all files and folders in "/Library/StartupItems/OSXDriverUpdates":

Sets owner to "root"
Sets group to "wheel"
Sets permissions to "owner:Read+Write+Execute group:Read+Execute all:Read+Execute"

Payload

Attempts to run commands

Trojan:MacOS_X/Boonana may drop a modified copy of the file "sudoers" in "/private/etc" to allow itself to execute any command on the infected system without needing a password.

Attempts to run other malware

Trojan:MacOS_X/Boonana creates a hidden folder in "/var/root" named ".jnana". It then copies the file "jnana.tsa", which is detected as Trojan:Java/Boonana, from the home folder to its created folder, and changes the permissions for the folders and files so that they can be executed.
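
A triage check for the artifacts listed above, added here as an example (it is not part of the original write-up or of any vendor tool). It scans a volume root, such as a mounted disk image, for the startup item, the hidden folder, the payload copy and the sudoers change. Assumptions: the sudoers modification is taken to be an active NOPASSWD rule, which the description does not specify, and the function names and the sample tree are constructed for illustration.

```python
import re
import stat
import sys
from pathlib import Path

# Artifact locations from the description above, relative to the volume root.
STARTUP_ITEM = "Library/StartupItems/OSXDriverUpdates"
HIDDEN_DIR = "var/root/.jnana"
PAYLOAD_NAME = "jnana.tsa"
SUDOERS = "private/etc/sudoers"
# Assumption: passwordless execution shows up as an active NOPASSWD rule.
NOPASSWD_RULE = re.compile(r"^\s*[^#\s].*NOPASSWD\s*:")


def scan_volume(root):
    """Return (indicator, detail) tuples for Boonana artifacts under root."""
    root, findings = Path(root), []
    item = root / STARTUP_ITEM
    if item.is_dir():
        findings.append(("startup_item", str(item)))
        for path in sorted(item.rglob("*")):
            if stat.S_IMODE(path.lstat().st_mode) == 0o755:  # rwx r-x r-x
                findings.append(("startup_item_mode_0755", str(path)))
    hidden = root / HIDDEN_DIR
    if hidden.is_dir():
        findings.append(("hidden_dir", str(hidden)))
        if (hidden / PAYLOAD_NAME).exists():
            findings.append(("payload_copy", str(hidden / PAYLOAD_NAME)))
    sudoers = root / SUDOERS
    text = sudoers.read_text(errors="replace") if sudoers.is_file() else ""
    for number, line in enumerate(text.splitlines(), 1):
        if NOPASSWD_RULE.search(line):
            findings.append(("sudoers_nopasswd", f"line {number}: {line.strip()}"))
    return findings


def build_sample_volume(root):  # constructed fixture: empty placeholder files
    root = Path(root)
    for rel in (STARTUP_ITEM, HIDDEN_DIR, "private/etc"):
        (root / rel).mkdir(parents=True)
    script = root / STARTUP_ITEM / "OSXDriverUpdates"
    script.touch()
    script.chmod(0o755)
    (root / HIDDEN_DIR / PAYLOAD_NAME).touch()
    (root / SUDOERS).write_text("# NOPASSWD: note\n%admin ALL=(ALL) NOPASSWD: ALL\n")


if __name__ == "__main__":
    for indicator, detail in scan_volume(sys.argv[1] if len(sys.argv) > 1 else "/"):
        print(indicator, detail)
```

On a live system, "/var/root" and "/private/etc/sudoers" are readable only by root, so run the scan with root privileges or point it at a mounted image.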
Analysis by Andrei Florin Saygo
Last update 04 November 2010