Koobface spreads via social networks such as Facebook and Twitter by compromising user accounts and posting messages on the sites that lure other users to click on malicious links supposedly coming from trusted sources.
Intego has acknowledged a Mac version of the Koobface worm, but had previously refrained from issuing a security notice on the issue because of what it calls “a low level of risk” for Mac users.
The firm has labeled the malware as a trojan horse for the sake of simplicity, but noted that it “propagates as a worm, is installed via a trojan horse, and installs a rootkit, backdoor, command and control, and other elements” on machines when users allow a Java applet download from a malicious website.
According to Intego, there is evidence of Koobface infections of Mac machines in the wild, but the malware, as currently written, is unable to proceed past the infection stage.
In a recent security blog posting, the company noted: “Either the malicious malware has bugs preventing it from running correctly, or the servers it contacts are not active or are not serving the correct files”.
“While this is an especially malicious piece of malware, the current Mac OS X implementation is flawed, and the threat is therefore low”, Intego said. “However, Mac users should be aware that this threat exists, and that it is likely to be operative in the future, so this Koobface Trojan horse may become an issue for Macs.”