Trojan Alert: SabPab Backdoor Exploiting Mac Java and MS Word Vulnerabilities


bill-swift - April 26, 2012

It seems that cybercriminals never take a break. With each new week come more viruses to deal with and more vulnerabilities to address.

OS X was hit with one of the worst attacks ever earlier this month with the Flashback trojan. Apple has since released a patch to get rid of it, but it seems like another Mac trojan is hot on its heels and infecting machines that haven't installed the patch yet.

Intego has raised new warnings of Mac attacks, this time about SabPab, a backdoor trojan that exploits vulnerabilities similar to the ones Flashback targeted.

SabPab is a backdoor that seeks to connect to remote command and control servers, presumably to harvest information on infected Macs. This malware installs in the user's /Library/LaunchAgents folder, so no administrator password is needed. It places its code in the user's /Library/Preferences folder (the

-- Intego
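
The layout Intego describes (a launch agent in the user's Library/LaunchAgents folder, with the code kept under Library/Preferences) can be checked for directly. The sketch below is an added example, not code from Intego or the original article; it assumes the agent's plist names a program stored under Preferences, and the function names and com.example.* sample files are constructed for illustration.

```python
import plistlib
import tempfile
from pathlib import Path


def agent_targets(plist_path):
    """Return the executable path(s) a LaunchAgent plist would start."""
    with open(plist_path, "rb") as fh:
        job = plistlib.load(fh)
    args = job.get("ProgramArguments")
    first = args[:1] if isinstance(args, list) else []
    return [c for c in [job.get("Program"), *first] if isinstance(c, str)]


def suspicious_agents(home):
    """Flag per-user LaunchAgents whose program sits under ~/Library/Preferences."""
    home = Path(home)
    prefs = (home / "Library" / "Preferences").resolve()
    findings = []
    for plist in sorted((home / "Library" / "LaunchAgents").glob("*.plist")):
        try:
            targets = agent_targets(plist)
        except Exception:  # unreadable or malformed plist: report it, keep scanning
            findings.append((plist.name, "unparseable"))
            continue
        findings += [(plist.name, t) for t in targets
                     if prefs in Path(t).resolve().parents]
    return findings


def build_demo_home(root):
    """Constructed sample data: one benign agent, one pointing into Preferences."""
    home = Path(root)
    agents, prefs = home / "Library/LaunchAgents", home / "Library/Preferences"
    for folder in (agents, prefs):
        folder.mkdir(parents=True)
    samples = {  # hypothetical labels and file names, not SabPab's real ones
        "com.example.benign.plist": {"Program": "/usr/bin/true"},
        "com.example.flagged.plist": {"ProgramArguments": [str(prefs / "com.example.helper")]},
    }
    for name, job in samples.items():
        with open(agents / name, "wb") as fh:
            plistlib.dump(job, fh)
    return home


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        print(suspicious_agents(build_demo_home(tmp)))
```

To check a real account, call `suspicious_agents(Path.home())`; Preferences normally holds settings files rather than executables, so any hit deserves a closer look.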

SabPab is also targeting a vulnerability in older versions of MS Word. Although a patch was released by Microsoft a few years ago, many Mac users never bothered to install it, or simply didn't know about it because they had turned off Microsoft's auto-updater.

New variants of the SabPab backdoor that we recently wrote about have been found using Word documents to deliver the same payload as the first variant. This variant uses the same technique to install files on Macs as the Tibet.C malware that we discussed in March.

-- Intego

Here's a quick tip: keep your Mac protected by installing the latest patches from Apple and other vendors and check for updates regularly. It's better to be safe than sorry.

Article by Hazel Chua
Gigadgetry: Cool Gadgets, Tech News, Quirky Devices
