New Mac OS X backdoor Trojan, Sabpab, discovered

[Dot Matrix]

Hot off the heels of the Flashback malware, Sophos has announced the discovery of a new Mac OSX Trojan, Sabpab, which uses the same Java vulnerability Flashback used, and just like Flashback, doesn't need or require any user interaction to be installed.

The newly discovered Sabpab malware is in many ways a basic backdoor Trojan horse. It connects to a control server using HTTP, receiving commands from remote hackers as to what it should do. The criminals behind the attack can grab screenshots from infected Macs, upload and download files, and execute commands remotely.

The Trojan creates the files

/Users/<user>/Library/Preferences/com.apple.PubSabAgent.pfile

/Users/<user>/Library/LaunchAgents/com.apple.PubSabAGent.plist

Encrypted logs are sent back to the control server, so the hackers can monitor activity.

The potential for abuse of compromised Macs should be obvious, given the Trojan's functionality.

Source: SOPHOS

[neo1911]

Apple needs to hand over the maintenance of Java over to its main company. Days of Macs being virus proof are over.

[Brandon H Supervisor]

Apple needs to hand over the maintenance of Java over to its main company. Days of Macs being virus proof are over.

seriously, I can't understand why Apple wants to be in control of when java updates get pushed (aka almost never)

[iron2000]

The coffee is opening holes in the apple :p

Anyway since they already fixed that Java issue, this trojan won't affect patched systems, right?

Maybe Apple can buy an anti-virus company and create Apple Security Essentials :p

[BumbleBritches57]

The coffee is opening holes in the apple :p

Anyway since they already fixed that Java issue, this trojan won't affect patched systems, right?

Maybe Apple can buy an anti-virus company and create Apple Security Essentials :p

Apples approach to security is light years ahead of Microsoft, Mac OS can require apps to be signed, each app is broken up into separate parts with each part only able to do one thing, like with QuickTime, the Video Decoder, is ONLY allowed read from teh disk and decry pt the content of a video stream. I could go on, but Ars had a great line up in their OS X Lion review.

[.Neo]

seriously, I can't understand why Apple wants to be in control of when java updates get pushed (aka almost never)

Apple just released two updates to address this issue and a removal tool for Macs without Java installed.

[Vice]

Apple needs to hand over the maintenance of Java over to its main company. Days of Macs being virus proof are over.

Apple is winding down its support of Java in OS X. But Oracle don't want to support it.

[cooky560 Veteran]

the article fails to mention how easy this malware is to remove, that information might be worth posting if it exists.

[funkydude]

Apples approach to security is light years ahead of Microsoft

Don't think I've laughed so hard in a long time, my chest hurts! When it comes to security, the only thing Apple is light years ahead of Microsoft on is denial.

[Dot Matrix]

Part of me wishes Steve was still alive to declare war on Java just like he did Flash. :/

Java needs to go away. I'm sorry to all the Minecraft players out there, but Java needs to die a quick death.

[.Neo]

Java needs to go away. I'm sorry to all the Minecraft players out there, but Java needs to die a quick death.

Agreed. I hate the fact I get a prompt to install Java when I'm launching Adobe Photoshop the first time. :pinch:

[Hum]

good News

[Phouchg]

Hello, I'm a PC and...

[Brandon H Supervisor]

Java needs to go away. I'm sorry to all the Minecraft players out there, but Java needs to die a quick death.

I'm a Minecraft player and even I think Java needs to die

[+virtorio MVC]

At least OS X is getting popular enough for malware writers to bother.

[Elliott]

Best advice I can give is to just keep Java disabled in your browser of choice. It's already disabled by default in Safari on Lion (even if you have Java installed like Adobe has forced me to do).

[Argi]

Apples approach to security is light years ahead of Microsoft, Mac OS can require apps to be signed, each app is broken up into separate parts with each part only able to do one thing, like with QuickTime, the Video Decoder, is ONLY allowed read from teh disk and decry pt the content of a video stream. I could go on, but Ars had a great line up in their OS X Lion review.

I assume you mean the other way around. Microsoft has always had a huge head start on the security front and they've had the infrastructure and teams established within the company to deal with threats for considerably longer. Your example is great, but IE has had protected mode since Vista AND that can be used by any other apps to switch threads or processes to low IL.

Haven't even touched on ASLR, DEP, and other technologies (I have a larger list in a notebook at home).

Windows 8 will bring even more improvements for intra process security and doing the same application signing requirements for Metro apps.

[#Michael]

Apple just released two updates to address this issue and a removal tool for Macs without Java installed.

That's the point I don't understand. Flashback and this new supposed one are Java exploits....so if my Mac doesn't have Java installed how can my machine get infected and thus need this removal tool? Isn't the best defense on this just not to have Java installed along with a good a/v scanner?

[Neo003]

At least OS X is getting popular enough for malware writers to bother.

:rofl:

[Unrealistic]

That's the point I don't understand. Flashback and this new supposed one are Java exploits....so if my Mac doesn't have Java installed how can my machine get infected and thus need this removal tool? Isn't the best defense on this just not to have Java installed along with a good a/v scanner?

Yes.

[123456789A]

I'm glad I upgraded all my Macs to Windows 7 in time.

[PyX]

Java and Flash need to go away ASAP and the Internet will be more secure.

(edit : and Silverlight, while we?re at it)

[Glassed Silver]

I'm glad I upgraded all my Macs to Windows 7 in time.

Yupp.

Zero vulnerabilities. :rolleyes: :laugh:

Glassed Silver:mac

[PyX]

I'm glad I upgraded all my Macs to Windows 7 in time.

And did you ditch OS X completely ? If so, I don?t understand your point. If anything, your Macs are a couple of times more vulnerable than ever before. It?s your call, man.

[123456789A]

And did you ditch OS X completely ? If so, I don?t understand your point. If anything, your Macs are a couple of times more vulnerable than ever before. It?s your call, man.

I still have OS X but I have no real reason to use it anymore. The question then becomes, why did I get a Mac in the first place? I didn't know Windows 7 was so good. If I did at the time, I would have saved myself some money and built my own PC.