Another Mac OS X Trojan has been spotted in the wild; this one exploits Java vulnerabilities just like the Flashback Trojan. Also just like Flashback, this new Trojan requires no user interaction to infect your Apple Mac. Kaspersky refers to it as “Backdoor.OSX.SabPub.a” while Sophos calls it “SX/Sabpab-A.”
After infecting a given Mac, this Trojan is like most: it connects to a remote website using HTTP in typical command and control (C&C) fashion to fetch instructions from remote hackers telling it what to do. The backdoor contains functionality to take screenshots of the user’s current session, upload and download files, as well as execute commands remotely on the infected machine. Encrypted logs are sent back to the control server, so the hackers can monitor activity.
The remote C&C website appears to be hosted on the free dynamic DNS service onedumb.com. Interestingly, the IP address in question has been used in other targeted attacks (known as Luckycat) in the past. This particular attack may have been launched through e-mails containing a URL pointing to two websites hosting the exploit, located in Germany and the U.S.
The Trojan may have been created on March 16, 2012. It was compiled with debug information, meaning analyzing it wasn’t hard, but more importantly this seems to suggest it is not the final version. You can check for infection by looking for the following files:
The Java exploits appear to be pretty standard, but have been obfuscated using Zelix KlassMaster to avoid detection by anti-malware products. The low number of infections and the Trojan's backdoor functionality indicate that it is most likely used in targeted attacks.
The good news is that this Trojan is not believed to be anywhere near as widespread as Flashback, and if you’ve downloaded and installed the latest software updates from Apple that patch the Java vulnerabilities (or disabled Java), you’re safe. The bad news is these Trojans will just keep coming, likely at an increasing rate.
This Trojan further underlines the importance of protecting Macs against malware with an updated anti-virus program as well as the latest security updates.