60 replies to this topic 4 votes

[Dot Matrix]

Hot off the heels of the Flashback malware, Sophos has announced the discovery of a new Mac OSX Trojan, Sabpab, which uses the same Java vulnerability Flashback used, and just like Flashback, doesn't need or require any user interaction to be installed.

Quote

The newly discovered Sabpab malware is in many ways a basic backdoor Trojan horse. It connects to a control server using HTTP, receiving commands from remote hackers as to what it should do. The criminals behind the attack can grab screenshots from infected Macs, upload and download files, and execute commands remotely.

The Trojan creates the files

/Users/<user>/Library/Preferences/com.apple.PubSabAgent.pfile

/Users/<user>/Library/LaunchAgents/com.apple.PubSabAGent.plist

Encrypted logs are sent back to the control server, so the hackers can monitor activity.

The potential for abuse of compromised Macs should be obvious, given the Trojan's functionality.

Source: SOPHOS

[+sanke1]

Apple needs to hand over the maintenance of Java over to its main company. Days of Macs being virus proof are over.

[+Brando212]

sanke1, on 14 April 2012 - 05:25, said:

Apple needs to hand over the maintenance of Java over to its main company. Days of Macs being virus proof are over.

seriously, I can't understand why Apple wants to be in control of when java updates get pushed (aka almost never)

[iron2000]

The coffee is opening holes in the apple

Anyway since they already fixed that Java issue, this trojan won't affect patched systems, right?
Maybe Apple can buy an anti-virus company and create Apple Security Essentials

[BumbleBritches57]

iron2000, on 14 April 2012 - 08:39, said:

The coffee is opening holes in the apple

Anyway since they already fixed that Java issue, this trojan won't affect patched systems, right?
Maybe Apple can buy an anti-virus company and create Apple Security Essentials

Apples approach to security is light years ahead of Microsoft, Mac OS can require apps to be signed, each app is broken up into separate parts with each part only able to do one thing, like with QuickTime, the Video Decoder, is ONLY allowed read from teh disk and decry pt the content of a video stream. I could go on, but Ars had a great line up in their OS X Lion review.

[.Neo]

Brando212, on 14 April 2012 - 06:48, said:

seriously, I can't understand why Apple wants to be in control of when java updates get pushed (aka almost never)

Apple just released two updates to address this issue and a removal tool for Macs without Java installed.

[+Vice]

sanke1, on 14 April 2012 - 05:25, said:

Apple needs to hand over the maintenance of Java over to its main company. Days of Macs being virus proof are over.

Apple is winding down its support of Java in OS X. But Oracle don't want to support it.

[+cooky560]

the article fails to mention how easy this malware is to remove, that information might be worth posting if it exists.

[funkydude]

BumbleBritches57, on 14 April 2012 - 08:46, said:

Apples approach to security is light years ahead of Microsoft

Don't think I've laughed so hard in a long time, my chest hurts! When it comes to security, the only thing Apple is light years ahead of Microsoft on is denial.

[Dot Matrix]

Part of me wishes Steve was still alive to declare war on Java just like he did Flash.

Java needs to go away. I'm sorry to all the Minecraft players out there, but Java needs to die a quick death.

[.Neo]

Dot Matrix, on 14 April 2012 - 13:44, said:

Java needs to go away. I'm sorry to all the Minecraft players out there, but Java needs to die a quick death.

Agreed. I hate the fact I get a prompt to install Java when I'm launching Adobe Photoshop the first time.

[Hum]

good News

[+Phouchg]

Hello, I'm a PC and...

[+Brando212]

Dot Matrix, on 14 April 2012 - 13:44, said:

Java needs to go away. I'm sorry to all the Minecraft players out there, but Java needs to die a quick death.

I'm a Minecraft player and even I think Java needs to die

[virtorio]

At least OS X is getting popular enough for malware writers to bother.