Microsoft Finds Apple Malware

Thursday, May 3, 2012 @ 05:05 PM gHale


As if Flashback was not enough, Microsoft detected a new piece of malware targeting Apple OS X computers that exploits a vulnerability in the Office productivity suite patched nearly three years ago.

The malware is not widespread, said Jeong Wook Oh of Microsoft’s Malware Protection Center. But it does show that hackers take notice when people do not apply patches as those fixes are released, which puts their computers at a higher risk of becoming infected.

“Exploiting Mac OS X is not much different from other operating systems,” Oh wrote. “Even though Mac OS X has introduced many mitigation technologies to reduce risk, your protection against security vulnerabilities has a direct correlation with updating installed applications.”

The security update, which Microsoft released in June 2009, addressed two vulnerabilities an attacker could use to gain remote control over a machine and run other code. Both vulnerabilities could be exploited with a specially crafted Word document.

The exploit discovered by Microsoft doesn’t work with OS X Lion, but does work with Snow Leopard and prior versions. Oh said it is likely attackers have knowledge about the computers they are attacking, such as the victim’s operating system version and patch levels.

The malware delivered by the exploit is specifically for OS X and is basically a “backdoor,” or a tool that allows for remote control of a computer.

Microsoft advised those who use Microsoft Office 2004 or 2008 for Mac, or the Open XML File Format Converter for Mac, to ensure the patch has been applied to those products.

“In conclusion, we can see that Mac OS X is not safe from malware,” Oh wrote. “Statistically speaking, as this operating system gains in consumer usage, attacks on the platform will increase.”
