The SecureMac team (http://www.securemac.com) says a new variant of the Boonana malware has been discovered. The new variant, trojan.osx.boonana.b, behaves in a very similar manner to the original malware, and is currently being distributed on multiple sites.
SecureMac has identified two more web sites that are currently hosting the new malware variant. Unlike the initial site, which tricks users into running (and installing) the malware, these servers seem to be hosting update code for it. Infected machines contact these servers looking for updates to the malware payload. At the time of analysis (Nov. 2), these servers were live and distributing malware, says SecureMac.
In addition to the malware updates, these servers contain what appear to be keystroke logs from infected machines, including usernames and passwords. With a quick glance, Boonana may look like a variant of...