[real-eyes] New version of Sabpab Mac Trojan emerges, spread via Word documents

  • From: blindbites <blindbites@xxxxxxxxx>
  • To: real-eyes@xxxxxxxxxxxxx, nutkc@xxxxxxxxxxxxxxx
  • Date: Mon, 16 Apr 2012 13:48:57 -0500

The following is from:
http://nakedsecurity.sophos.com/2012/04/16/sabpab-trojan-mac-word/?utm_source=twitter&utm_medium=NakedSecurity&utm_campaign=naked%252Bsecurity
Please go there for any related links.
Steve

Naked Security - Award-winning computer security, news, opinion, advice and research from SOPHOS

New version of Sabpab Mac Trojan emerges, spread via Word documents
by Graham Cluley on April 16, 2012
A new version of the Mac OS X Sabpab Trojan horse has come to light, and rather than relying upon a Java vulnerability - it appears to be exploiting malformed Word documents instead.
If you open the boobytrapped Word document on a vulnerable Mac, a version of the OSX/Sabpab Trojan horse gets installed on your computer, opening a backdoor for remote hackers to steal information or install further code.
As a decoy, a Word document is dumped onto your drive and displayed - effectively acting as a camouflage for the Trojan's true intentions:
[Image: Word document displayed as decoy]
Mac users may be caught out by the attack, as there is no prompt to enter your username or password when the malicious software installs itself onto your Mac.
Sophos anti-virus products already proactively detected the boobytrapped Word documents as Troj/DocOSXDr-A, and protection against OSX/Sabpab-A has been updated to detect this variant also.
This technique of infecting Mac users is not new. At the end of last month, warnings were issued about a new Mac malware attack that embedded itself inside boobytrapped Word documents.
Those attacks exploited a known security vulnerability (MS09-027) in Word, which allows hackers to remotely execute code on your computer without your knowledge.
Now the same technique is being used by cybercriminals to spread OSX/Sabpab.
In both incidents, the Word document displayed appears to relate to Tibet.
Unlike the earlier sightings of Sabpab, there is nothing about this attack which relates to the Java vulnerability exploited by the Flashback botnet.
So, any Mac users who believe that they have protected themselves because they don't use Java probably need to realise that that's not an effective defence.
And although there's no reason to believe that this attack is widespread, it's clearly time for some people to wake up to the reality of Mac malware.
Mac users - please get an anti-virus, for goodness sake. If you don't want to pay for one, there is free anti-virus for Mac home users available for download.
http://www.sophos.com/freemacav

Of course, it would also be sensible to update your installation of Microsoft Word - as a patch has been available for the vulnerability being exploited here since 2009.
You can find out more about the threat in Costin Raiu's post on the Kaspersky blog.
To subscribe or to leave the list, or to set other subscription options, go to 
www.freelists.org/list/real-eyes

