Tuesday, April 9, 2013

New Mac OS X Trojan unearthed. Call it SabPub

Here we go again.

Kaspersky Lab security researcher Costin Raiu has discovered another Mac OS X Trojan. Dubbed Backdoor.OSX.SabPub.a (or simply SabPub, for short), the malware uses Java exploits to infect a Mac, connects to a remote website, and waits for instructions, which can include taking screenshots of the user's Mac and executing commands.

"The Java exploits appear to be pretty standard, however, (and) they have been obfuscated using ZelixKlassMaster, a flexible and quite powerful Java obfuscator," Raiu wrote on the Securelist blog. "This was obviously done in order to avoid detection from anti-malware products."


Raiu's discovery comes as Mac users are on high alert following the Flashback Trojan, which reportedly infected over 600,000 Macs worldwide. That exploit, which also uses Java, is capable of nabbing user passwords and other information from the user's Web browser or other applications. Apple on Friday released a tool designed to remove Flashback from infected machines. Before that release, it was thought that 270,000 Macs were still infected with the Trojan, down significantly from its peak.

In a follow-up post on Securelist yesterday, Raiu provided additional details about SabPub that help differentiate it from Flashback. He reported that there are at least two SabPub variants in the wild today, including one that dates back to February. The malware appears to be delivered through targeted attacks, which would limit its ability to make widespread incursions a la Flashback.

Raiu also reported that the malware appears to be spreading through Word documents that exploit the CVE-2009-0563 vulnerability, a stack-based buffer overflow in Office for Mac.

"The most fascinating thing is the history of the second SabPub variant. In our virus collection, it is named '8958.doc,'" Raiu wrote in the blog post. "This suggests it was extracted from a Word document or was distributed as a Doc-file."

Apple did not immediately respond to CNET's request for comment.
