A new threat to the Apple platform was discovered following last week's news of the Flashback botnet.
Symantec reported that a brand new Trojan is targeting the same Java vulnerability that the Flashback malware took advantage of. Named 'Sabpub', it can open a backdoor that allows an attacker to send commands to the infected computer, including taking screenshots, downloading files or installing additional malware.
Symantec classified the infection as a "very low"-risk Trojan; research conducted over the weekend by Kaspersky Lab said Sabpub is designed to be used in targeted attacks. "At the instant, it's not clear how users get infected with this, however the low number and its backdoor functionality indicate that it's more commonly utilized in targeted attacks," said Costin Raiu, director of Kaspersky Lab's global research and analysis team.
Raiu reported that the IP address of the command and control (C&C) server that hosts Sabpub is shared with an earlier attack, known as 'Luckycat', that Kaspersky discovered in March. That was an advanced persistent threat campaign targeting Tibetan activists.
"The IP address of the C&C to which this bot connects (199.192.152) was extensively utilized in other Windows malware samples during 2011, which made us believe we were watching the similar entity behind these attacks," Raiu said.
Further research by Kaspersky Lab revealed that there are at least two variants of Sabpub in the wild: one that attacks the vulnerability in Java, and another that targets an older vulnerability in Microsoft Word for OS X.
Roel Schouwenberg, senior researcher at Kaspersky Lab, said he suspected the attacks happen over email, while the Java vulnerability was likely exploited while browsing websites. He said the targeted nature of the attacks led Kaspersky researchers to believe phishing techniques were used extensively.
While Flashback infected computers through drive-by downloads, which involved the user visiting a bogus website, Sabpub, which uses the same Java vulnerability, is spread via targeted spam messages, leading researchers such as Schouwenberg to say infection numbers can be as low as the double digits.
Schouwenberg said: "People definitely want to make sure their software is up-to-date, the same as with Windows. So that isn't just OS X, but additionally Java and Office. Obviously, running security software may help."