New version of Mac OS X Trojan exploits Word, not Java
Summary: A second variant of the Mac OS X Trojan referred to as Backdoor.OSX.SabPub.a or SX/Sabpab-A is exploiting a Microsoft Word security hole, not the usual Java vulnerabilities used before.
Just a few days ago, a new Mac OS X Trojan was spotted in the wild that exploited Java vulnerabilities and required no user interaction to infect your Apple Mac, just like the Flashback Trojan. Kaspersky referred to it as "Backdoor.OSX.SabPub.a" while Sophos called it "SX/Sabpab-A." Now, both security firms have confirmed a different variant of this new Trojan that infects Macs by exploiting Microsoft Word, not Java.
Sophos detects the malicious Word documents as Troj/DocOSXDr-A and points to the following Microsoft Security Bulletin: MS09-027. Kaspersky meanwhile points to this security bulletin for the same Microsoft Word security hole: CVE-2009-0563.
The new version of the Trojan uses malformed Word documents to open a backdoor for remote hackers to steal information or install further code. Just like many recent variants of Mac-specific Trojans, OS X users may be caught off guard as there is no prompt to enter your username or password when the malicious software installs itself onto your Mac.
On the other hand, while the first discovered version of this Trojan requires no user interaction, this second one does. Instead of just browsing the Web and getting infected, Mac users have to actually download and open the Word document for this second version to work.
Here's what I wrote in my last article:
The good news is this means that this Trojan is not believed to be anything as widespread as Flashback, and if you've downloaded and installed the latest software updates from Apple that patch the Java vulnerabilities (or disabled Java), you're safe. The bad news is these Trojans will just keep coming, likely at an increasing rate. This Trojan further underlines the importance of protecting Macs against malware with an updated anti-virus program as well as the latest security updates.
The first part no longer applies. Updating or uninstalling Java will not do you any good. Instead, you'll need to update Microsoft Office 2004 for Mac and Microsoft Office 2008 for Mac. Thankfully, this security vulnerability is from June 2009, so if you keep your Microsoft software patched, you should be good to go. The last parts still apply.
See also:
- New targeted Mac OS X Trojan requires no user interaction
- Apple releases Flashback removal tool, infections drop to 270,000
- Over 600,000 Macs infected with Flashback Trojan
- Has Flashback malware made you consider installing antivirus on your Mac?
- The scariest thing about the Flashback trojan: I have no idea how to fight it
- How big a security risk is Java? Can you really quit using it?
Talkback
OSX doesn't need AV software
Neither OSX nor Windows has it.
Linux with LSM: The safest operating system on the Planet.
I stake my reputation on it
DTS
It may be better but it is controversial even in security circles
You never answer the questions related to LSM
2) Can my grandmother start it without opening the command line ?
3) If LSM runs in kernel mode, who is responsible for the exploits discovered in LSM ?
Why give in to Dietrich's FUD?
The only thing that I can say for certainty is that Dietrich will hijack another thread with his LSM rantings. I stake my reputation on it.
tell your grandma, she'll like GNU/Linux
2) yes, she can, as many other non-power users, moreover, to install any software your grandmother has to open a package manager, select the package in the checkbox and press apply --> it will be installed from a secure repository, without endangering security unlike on Windows (or Mac OSX) where users have to download and install from potentially insecure sources. Don't forget to add to your grandma, that updating and upgrading is very important, on most Linux distros (and BSD) it CAN be done with much less pain, unlike the status quo on MS and Apple OS, to say nothing about frequent Windows reboots.
3) apparmor is supported by a big community and Novell
"I stake my reputation on it"
If it really worked--or if users of other os's have constant issues
Why doesn't Ubuntu market this if it is so great? No, instead, Shutty and DJS just talk and talk and talk.
Dietrich
Well said
What went wrong
@nonfanboy http://arstechnica.com/tech-policy/news/2011/06/sony-hacked-yet-again-plain
Both osx and Windows have sandboxing
By the way, Linux isn't the safest os on the planet as witnessed by malware and privacy king Android, and by Apache which is responsible for millions of zombie web servers, all running Linux. Did you hear about the latest flaw in Samba by the way ?
got any proof?
As far as the Samba flaw is conc., you got any evidence of any exploits in the wild?
Android security problem is due to the Windows braindama... oriented peoples' mentality: not to check the permissions of an app prior to installation. On a daily basis, a Windows user has to deal with a risk of installing malware-ridden software. The permission system on Windows is rudimentary, and rarely used by app writers.
Re: The safest operating system on the Planet. I stake my reputation...
No
But no system is foolproof and arrogance cost a lot of lives that night in April. Brittle steel, trying to avoid the iceberg when it was too close and a host of other tragic events sent the ship to the bottom. I don't care how safe an OS is claimed to be, any protection fashioned by the mind of man (or woman) can be defeated by another mind.
No, no, no...
This never seems to end does it?
Uhhhh already there
Many 3rd Party Programs
MacOS cannot get infected, can it?
Now what do I do?????