Vulnerabilities in the Boonana Trojan increase the danger
Posted on 18.01.2011
First spotted almost three months ago, the Boonana Trojan stood out because of its capability to infect both computer running Windows and those running Mac OS X. The Trojan nestled itself in the system, and allowed outside access to all files on it.

And if that wasn't bad enough, it seems that it has some vulnerabilities that can be exploited by other attackers to collect information about the system or - according to a Symantec researcher - even be used to create a completely functional parallel botnet or take over of the existing one.

The Boonana bots are designed to take part of a P2P network and to communicate with each other via a custom-designed communication protocol.

Apart from making the identification of infected hosts on a particular IP range almost trivial, the P2P protocol also contains an information-disclosure vulnerability which can be used to detect which operating system the computer is running.

According to Symantec, in December 2010, 84 percent of the infected systems were running Windows, and 16 percent a version of OS X.

Windows users are especially at risk, as the malware also installs a keylogger into the system and sends the collected data to the attacker. But all users are in danger of having their systems accessed not only by the original attacker, but by others as well.

A vulnerability in the P2P protocol can also allow attackers who have identified the infected systems to install a backdoor on them and in that way gain further access to the system. Also, the list of peers that each bot has and updates occasionally can lead the attacker to the other infected hosts, allowing him to repeat all these steps and gain access to it, too.

Malware is also a software application, and as such, it has vulnerabilities like any other legitimate software. Symantec's researcher says that this fact proves that a single malware infection can open the door to further infections, and warns users to check their systems for the Boonana Trojan in particular, and malware in general.






Spotlight

Operation Pawn Storm: Varied targets and attack vectors, next-level spear-phishing tactics

Posted on 23 October 2014.  |  Targets of the spear phishing emails included staff at the Ministry of Defense in France, in the Vatican Embassy in Iraq, military officials from a number of countries, and more.


Weekly newsletter

Reading our newsletter every Monday will keep you up-to-date with security news.
  



Daily digest

Receive a daily digest of the latest security news.
  

DON'T
MISS

Fri, Oct 24th
    COPYRIGHT 1998-2014 BY HELP NET SECURITY.   // READ OUR PRIVACY POLICY // ABOUT US // ADVERTISE //