Recently, Russian Anti-Virus company, found that the Flashback Mac Trojan had infected more than 600,000 systems, further quashing the myth that Apple's OS X is somehow immune to malware threats. The Trojan exploited three Java vulnerabilities to gain remote access to the infected systems and the capability to capture authentication credentials. Doctor Web created an for users to see if they had been infected by the Flashback Trojan, F-Secure has instructions on how to, and they had successfully patched the vulnerability.
Now researchers at Kaspersky Labs have discovered another OS X backdoor that utilizes a Java exploit. The Trojan, dubbed 'SabPub', uses an obfuscator to attempt to bypass antivirus protection.
'The Java exploits appear to be pretty standard, however, they have been obfuscated using ZelixKlassMaster, a flexible and quite powerful Java obfuscator. This was obviously done in order to avoid detection from anti-malware products,' writes Kaspersky's Costin Raiu. Analysis leads Raiu to believe that the malware was designed for use in targeted attacks.
'This new threat is a custom OS X backdoor, which appears to have been designed for use in targeted attacks. After it is activated on an infected system, it connects to a remote website in typical C&C fashion to fetch instructions.
The backdoor contains functionality to make screenshots of the user’s current session and execute commands on the infected machine,' said Raiu. SabPub, which may have been in the wild for about a month, is now known to connect to Command and Control servers hosted on a VPS located in Fremont, California, called 'Onedumb.com'. 'Onedumb.com is a free dynamic DNS service. Interesting, the C&C at IP 199.192.152. was used in other targeted attacks (known as “Luckycat”) in the past,' Raiu wrote.
'One other important detail is that the backdoor has been compiled with debug information - which makes its analysis quite easy. This can be an indicator that it is still under development and it is not the final version,' he continued. Early analysis has not determined the exact mechanism for the spread of SabPub, but researchers suspect the use of emails containing a malicious URL as the primary method of delivery. 'At the moment, it is not clear how users get infected with this.
Several reports exist which suggest the attack was launched through e-mails containing a URL pointing to two websites hosting the exploit, located in US and Germany,' Raiu explained.