"Recently Symantec Security Response analyzed a Trojan that uses social networking vectors to infect users on multiple platforms. (...)
This particular Trojan (that Symantec detects as Trojan.Jnanabot) is one such attempt to target multiple platforms. Jnanabot has numerous functionalities that include key logging, connection to IRC servers, and posting malicious links on social networking sites, affecting users on Windows, Mac OSX, and Linux platforms.
The threat is composed of multiple files. I will address them as components throughout this blog. Each component is meant for a specific task. Some components are compiled Java files whereas others are platform-specific executable files.
- Library component: Contains library files needed to run the threat on various platforms, namely Mac OSX, Linux with AMD 64 machines, Linux with x86 machines, and Windows with x86 machines.
- Main component: The main .jar file that controls execution of all the components.
- Install/update component: Installs and updates the threat.
- IRC component: Connects to remote IRCs and waits for further commands from the master.
- Key logging component.
- Crypt component: Windows and Mac executable files to decrypt the packaged files.
- Facebook component: We are currently analyzing this component. From our brief analysis it seems as if the threat can read cookies of the logged-on user and may post malicious links on the social networking site."
Full article: http://www.symantec.com/connect/blogs/trojanjnanabot-trojan-affecting-multiple-platforms