

Sabpab, New Mac OS X Backdoor Trojan


2 replies to this topic

#1 OFFLINE   Corrine

Corrine

    The Mystical Rose

  • Forum Admins
  • 3,524 posts

Posted 13 April 2012 - 08:36 PM

Sophos reports that, like Flashback, Sabpab doesn't require any user interaction. It exploits the same drive-by Java vulnerability used to create the Flashback botnet.

Quote

The newly discovered Sabpab malware is in many ways a basic backdoor Trojan horse. It connects to a control server using HTTP, receiving commands from remote hackers as to what it should do. The criminals behind the attack can grab screenshots from infected Macs, upload and download files, and execute commands remotely.

BTW, Sophos offers free antivirus software for Mac home users:  Sophos Free AntiVirus for Mac

Take a walk through the "Security Garden" -- Where Everything is Coming up Roses!

Remember - A day without laughter is a day wasted.
May the wind sing to you and the sun rise in your heart.

#2 OFFLINE   LilBambi

LilBambi

    Australisches Googler

  • Forum Admins
  • 21,522 posts

Posted 16 April 2012 - 02:55 PM

New version of Mac OS X Trojan exploits Word, not Java - ZDNet
By Emil Protalinski

Quote

Summary: A second variant of the Mac OS X Trojan referred to as Backdoor.OSX.SabPub.a or SX/Sabpab-A is exploiting a Microsoft Word security hole, not the usual Java vulnerabilities used before.

Just a few days ago, a new Mac OS X Trojan was spotted in the wild that exploited Java vulnerabilities and required no user interaction to infect your Apple Mac, just like the Flashback Trojan. Kaspersky referred to it as “Backdoor.OSX.SabPub.a” while Sophos called it “SX/Sabpab-A.” Now, both security firms have confirmed a different variant of this new Trojan that infects Macs by exploiting Microsoft Word, not Java.

Sophos detects the malicious Word documents as Troj/DocOSXDr-A and points to the following Microsoft Security Bulletin: MS09-027. Kaspersky meanwhile points to this security bulletin for the same Microsoft Word security hole: CVE-2009-0563.

RED emphasis mine.
Bambi
AKA Fran

My Public Key for Email :: BambisMusings Blog :: Fran's Computer Services Blog :: MyPassionIsBooks Blog :: 5BuckReview :: CNIRadio
"The Net interprets censorship as damage and routes around it." ~John Gilmore (Time Magazine, Dec 6, 1993)

#3 OFFLINE   Temmu

Temmu

    The Assimilator

  • Forum MVP
  • 11,878 posts

Posted 18 April 2012 - 12:49 PM

gotta love microsoft word!  home of the .dot malicious macro.
(.dot, the default document from which all other word documents (.doc) are created and subsequently infested.)

love ring a bell, anyone?