New Mac OS X Trojan discovered
Sabpab exploits same Java vulnerability as Flashback
By Ben Camm-Jones
April 15, 2012 — IDG News Service — Mac users should make sure they have applied Apple's latest Java update and installed anti-virus software after a new Trojan targeting OS X was spotted in the wild.
Ironically discovered on Friday 13th, the new Trojan - Sabpab - uses the same vulnerability in the OS X's Java plug-in to infect Macs, warns security firm Sophos.
It also doesn't require any user interaction to infect a system either - just like Flashback - all that needs to happen is for you to visit an infected webpage.
"The newly discovered Sabpab malware is in many ways a basic backdoor Trojan horse. It connects to a control server using HTTP, receiving commands from remote hackers as to what it should do. The criminals behind the attack can grab screenshots from infected Macs, upload and download files, and execute commands remotely," said Graham Cluley, senior technology consultant at Sophos.
If you have updated Java on your Mac then you will be protected from the new threat, and most Mac anti-virus software will protect against Sabpab as well. Sales of security software for Mac apparently jumped after the discovery of the Flashback Trojan earlier this month.
Flashback was estimated to have infected more than half a million Macs worldwide and even managed to infect some systems in Cupertino, according to some reports, though this was never officially admitted by Apple.
However, Apple did come under fire for 'dragging its feet' as the vulnerability in Java that it exploits had been known of for more than six weeks before Flashback was discovered.
Apple has released a Flashback removal tool, though it will only work on the most common variants of the Trojan. Several security firms have also issued a tool to remove Flashback from Macs, though Kaspersky Lab was forced to withdraw its tool after it was found to be erasing user settings.