The following is from: http://nakedsecurity.sophos.com/2012/04/16/sabpab-trojan-mac-word/?utm_source=twitter&utm_medium=NakedSecurity&utm_campaign=naked%252Bsecurity Please go there for any related links. Steve Naked Security - Award-winning computer security, news, opinion, advice and research from SOPHOS New version of Sabpab Mac Trojan emerges, spread via Word documents by Graham Cluley on April 16, 2012 | 3 Comments FILED UNDER: Apple , Featured , Malware , Vulnerability Mac Word icon Mac Word icon Mac Word icon Mac Word icon A new version of the Mac OS X Sabpab Trojan horse has come to light, and rather than relying upon a Java vulnerability - it appears to be exploiting malformed Word documents instead. If you open the boobytrapped Word document on a vulnerable Mac, a version of the OSX/Sabpab Trojan horse gets installed on your computer opening a backdoor for remote hackers to steal information or install further code. As a decoy, a Word document is dumped onto your drive and displayed - effectively acting as a camouflage for the Trojan's true intentions: Word document displayed as decoy Word document displayed as decoy Mac users may be caught out by the attack, as there is no prompt to enter your username or password when the malicious software installs itself onto your Mac. Sophos anti-virus products already proactively detected the boobytrapped Word documents as Troj/DocOSXDr-A , and protection against OSX/Sabpab-A has been updated to detect this variant also. This technique of infecting Mac users is not new. At the end of last month, warnings were issued about a new Mac malware attack that embedded itself inside boobytrapped Word documents . Those attacks exploited a known security vulnerability ( MS09-027 ) in Word, which allow hackers to remotely execute code on your computer without your knowledge. Now the same technique is being used by cybercriminals to spread OSX/Sabpab. In both incidents, the Word document displayed appears to relate to Tibet. Unlike the earlier sightings of Sabpab , there is nothing about this attack which relates to the Java vulnerability exploited by the Flashback botnet . So, any Mac users who believe that they have protected themselves because they don't use Java probably needs to realise that that's not an effective defence. And although there's no reason to believe that this attack is widespread, it's clearly time for some people to wake up to the reality of Mac malware. Mac users - please get an anti-virus, for goodness sake. If you don't want to pay for one, there is free anti-virus for Mac home users available for download. http://www.sophos.com/freemacav Of course, it would also be sensible to update your installation of Microsoft Word - as a patch has been available for the vulnerability being exploited here since 2009. You can find out more about the threat in Costin Raiu's post on the Kaspersky blog. Follow @gcluley Broken apple image , from ShutterStock Tags: Mac OS X , Malware , Microsoft Word , Sabpab , Sabpub , vulnerability To subscribe or to leave the list, or to set other subscription options, go to www.freelists.org/list/real-eyes