More Mac Malware Manufactured

Tuesday, April 17, 2012 @ 04:04 PM gHale


Macs seem to now have a bigger target on their sleek, slim-lined back.

Following the outbreak of the Flashback Mac Trojan, researchers found two more cases of Mac OS X malware. The good news is most users have little reason to worry about them.

RELATED STORIES
Apple Picks Off Flashback Malware
Apple Working on Malware Fix
Mac Botnet Growing Rapidly
Apple Fixes Java Holes

Both cases are variants on the same Trojan, called SabPub, said Kaspersky Lab Expert Costin Raiu.

The first variant is Backdoor.OSX.SabPub.a. Like Flashback, this new threat was likely spread through Java exploits on websites, and allows for remote control of affected systems. It came to life one month ago.

This malware isn’t a threat to most users for a few reasons: It seems to have focused on targeted attacks, with links to malicious websites sent via email, and the domain used to fetch instructions for infected Macs shut down, Raiu said.

Furthermore, Apple’s security update for Flashback helps render future Java-based attacks harmless. In addition to removing the Flashback malware, the update automatically deactivates the Java browser plug-in and Java Web Start if they remain unused for 35 days. Users must then manually re-enable Java when they encounter applets on a Web page or a Web Start application.

The second SabPub variant is old-school compared to its sibling. Instead of attacking through malicious Websites, it uses infected Microsoft Word documents as a vector, distributed by email.

Like the other SabPub variant, this one saw use in targeted attacks. With Flashback fresh in users memory and with these malware attacks, it is further evidence Macs aren’t immune to attacks.



Leave a Reply

You must be logged in to post a comment.