Never miss an update Follow AppleInsider
Monday, April 16, 2012, 08:48 am
Latest Mac trojan spreads through Microsoft Word documents
A new version of a backdoor trojan for Apple's OS X operating system takes advantage of an exploit in Microsoft Word to spread.The latest variant of the attack known as "LuckyCat" was discovered and detailed by Costin Raiu, Kasperskky lab expert. He found that a dummy infected machine was taken over by a remote user who started analyzing the machine and even stole some documents from the Mac.
"We are pretty confident the operation of the bot was done manually — which means a real attacker, who manually checks the infected machines and extracts data from them," Raiu wrote in a post to SecureList.
The new Mac-specific trojan, named "Backdoor.OSX.SabPub.a," uses a Java exploit to infect targeted machine. It spreads through Microsoft Word documents that exploit a vulnerability known as "CVE-2009-0563."
The new trojan is noteworthy because it stayed undetected for more than a month and a half before it came alive and data was manually extracted from the machine. That's different from MaControl, another bot used in attacks discovered in February 2012.
There are currently at least two variants of the "SabPub" trojan, which remains classified as an "active attack." It is expected that new variants of the bot will be released in the coming weeks, as the latest was created in March.
Security on the Mac has been in the spotlight of late as a result of the "Flashback" trojan that infected more than 600,000 Macs worldwide. Apple addressed the issue with a series of software updates last week designed to remove the trojan from affected machines.
The Flashback botnet harvested personal information and Web browsing logs fron infected machines. The trojan, which disguises itself as an Adobe Flash installer, was first discovered last September.
On Topic: Mac OS X
- Apple releases first OS X 10.8.5 Mountain Lion beta to developers
- Parallels Desktop 8 updated to support Apple's OS X Mavericks
- Apple adds security enhancements to Java 6 in latest update
- OS X Mavericks' new App Nap, Timer Coalescing features target battery efficiency
- Adobe releases major update to Creative Cloud desktop apps
Previous Comments View All
Quote:
Originally Posted by jameskatt2 
If you never install Java - you don't expose yourself to these trojan malware.
Apple no longer installs Java on Macs. Java is not present in iOS.
Java is a third party platform - like Flash - that opens up security holes in Mac OS X.
If you never install Java - you don't expose yourself to these trojan malware.
Apple no longer installs Java on Macs. Java is not present in iOS.
Java is a third party platform - like Flash - that opens up security holes in Mac OS X.
Except for the fact that this trojan uses an Office vulnerability, not Java. Since this attack vector appears to be from 2009 can we assume that current, fully patched systems are safe? I always apply Office patches as soon as they are available.
Quote:
Originally Posted by jameskatt2
If you never install Java - you don't expose yourself to these trojan malware.
Apple no longer installs Java on Macs. Java is not present in iOS.
Java is a third party platform - like Flash - that opens up security holes in Mac OS X.
If you never install Java - you don't expose yourself to these trojan malware.
Apple no longer installs Java on Macs. Java is not present in iOS.
Java is a third party platform - like Flash - that opens up security holes in Mac OS X.
You have to wonder what's going on with Android OS. Aren't most of their Google Play apps Java-based?
Could this article possibly be less useful?
No info on how to detect the trojan, no info on whether the latest patched Java version is still vulnerable, no info on how to get rid of it, no info...no info.
it's not like it's a pc trojan...why is it called as such? it requires manual intervention
I am having troubles watching some of the youtube videos in Safari. The video never plays or attempts to play. Ultimately it is asking me to force reload the other open pages.
I am now watching youtube videos on Firefox. No problems there.
Yes I am using the latest Apple's operating system and I am doing regular updates.
The article should be updated to list the Word version affected by the exploited bug.
Namely, the virus can only affect Word for Mac versions 2004 and 2008. If you have Word for Mac 2011, you should not worry.
Not listing the Word version could just unnecessarily scare users. Especially given that Word 2004 doesnt work on OS X Lion and Word 2008 is such a joke few people use it.
Quote:
Originally Posted by lkrupp
Except for the fact that this trojan uses an Office vulnerability, not Java. Since this attack vector appears to be from 2009 can we assume that current, fully patched systems are safe? I always apply Office patches as soon as they are available.
Except for the fact that this trojan uses an Office vulnerability, not Java. Since this attack vector appears to be from 2009 can we assume that current, fully patched systems are safe? I always apply Office patches as soon as they are available.
Did you even read the article? I'm guessing not.
It says, right in the article, and I quote, "The new Mac-specific trojan, named "Backdoor.OSX.SabPub.a," uses a Java exploit to infect targeted machine. It spreads through Microsoft Word documents that exploit a vulnerability known as "CVE-2009-0563."
Quote:
Originally Posted by lkrupp
Except for the fact that this trojan uses an Office vulnerability, not Java.
Except for the fact that this trojan uses an Office vulnerability, not Java.
Actually according to the article, it uses both Java and Office.
Quote:
Originally Posted by mr O
I am having troubles watching some of the youtube videos in Safari. .
I am having troubles watching some of the youtube videos in Safari. .
And???
This has nothing to do with the topic of the thread.
Quote:
Originally Posted by venyz
The article should be updated to list the Word version affected by the exploited bug.
Namely, the virus can only affect Word for Mac versions 2004 and 2008. If you have Word for Mac 2011, you should not worry.
Not listing the Word version could just unnecessarily scare users. Especially given that Word 2004 doesnt work on OS X Lion and Word 2008 is such a joke few people use it.
The article should be updated to list the Word version affected by the exploited bug.
Namely, the virus can only affect Word for Mac versions 2004 and 2008. If you have Word for Mac 2011, you should not worry.
Not listing the Word version could just unnecessarily scare users. Especially given that Word 2004 doesnt work on OS X Lion and Word 2008 is such a joke few people use it.
I'm using Word 2008 - didn't know it was a joke - better than giving Microsoft more money for the latest version though
Latest Apple Headlines
-
Analyst recants claim that Apple will add Retina display to iPad mini before 2014
~2 hours ago -
First benchmarks for redesigned Mac Pro reportedly appear online
~2 hours ago -
Best Buy recalls 5,100 third-party MacBook batteries for fire risk
~3 hours ago -
Twitter heat map shows iPhone use by the affluent, Android by the poor
~3 hours ago -
IDC gives Apple 9% of Chinese smartphone market, double the prevailing growth rate
~5 hours ago - more...
Want to write for AppleInsider? Submit your application now!
Lowest Prices Anywhere!
| Model | Price | You Save |
|---|---|---|
| 11"1.3GHz/4GB/128GB | $964.18* | $34.82 |
| 11" 1.3GHz/8GB/128GB | $1,061.18* | $37.82 |
| 11" 1.3GHz/8GB/256GB | $1,255.18* | $43.82 |
| 11"1.7GHz/8GB/128GB | $1,206.68* | $42.32 |
| 11"1.7GHz/8GB/256GB | $1,400.68* | $48.32 |
| 11" 1.7GHz/8GB/512GB | $1,691.68* | $57.32 |
| 13" 1.3GHz/4GB/128GB | $1,061.18* | $37.82 |
| 13" 1.3GHz/4GB/256GB | $1,255.18* | $43.82 |
| 13" 1.3GHz/8GB/256GB | $1,352.18* | $46.82 |
| 13" 1.3GHz/8GB/512GB | $1,643.18* | $46.82 |
| 13" 1.7GHz/8GB/256GB | $1,497.00* | $52.00 |
| 13" 1.7GHz/8GB/512GB | $1,788.68* | $60.32 |
* price with Promo Code:
APPLEINSIDER01
|
||
| Click for even more configurations | ||
| Model | White | Black | |
|---|---|---|---|
| iPad mini (WiFi only) | |||
| 16GB WiFi |  |
$329.00 | $329.00 |
| 32GB WiFi | |
$429.00 | $429.00 |
| 64GB WiFi | |
$529.00 | $529.00 |
| iPad mini (WiFi + 4G) | |||
 |
 |
 |
|
| 16GB 4G White | $459.00 | $459.00 | $459.00 |
| 32GB 4G White | $559.00 | $539.99 | $559.00 |
| 64GB 4G White | $659.00 | $659.00 | $629.99 |
| 16GB 4G Black | $459.00 | $459.00 | $459.00 |
| 32GB 4G Black | $559.00 | $539.99 | $539.99 |
| 64GB 4G Black | $659.00 | $659.00 | $629.99 |
If you never install Java - you don't expose yourself to these trojan malware.
Apple no longer installs Java on Macs. Java is not present in iOS.
Java is a third party platform - like Flash - that opens up security holes in Mac OS X.