bill-swift - April 26, 2012
It seems that cybercriminals never take a break. With each new week comes more viruses to deal with and more vulnerabilities to address.
OS X was hit with one of the worst attacks ever earlier this month with the Flashback trojan. Apple has since released a patch to get rid of it, but it seems like another Mac trojan is hot on its heels and infecting machines that haven't installed the patch yet.
New warnings of Mac attacks were brought up by Intego, who warned about SabPab, a backdoor trojan that exploited vulnerabilities that were similar to what Flashback targeted.
SabPab is a backdoor that seeks to connect to remote command and control servers, presumably to harvest information on infected Macs. This malware installs in the user's /Library/LaunchAgents folder, so no administrator password is needed. It places its code in the user's /Library/Preferences folder (the com.apple.PubSabAgent.pfile).
SabPab is also targeting a vulnerability in older versions of MS Word. Although a patched was released by Microsoft a few years ago, many Mac users never bothered to install it or simply didn't know about it if they turned off Microsoft's auto-updater.
New variants of the SabPab backdoor that we recently wrote about have been found using Word documents to deliver the same payload as the first variant. This variant uses the same technique to install files on Macs as the Tibet.C malware that we discussed in March.
Here's a quick tip: keep your Mac protected by installing the latest patches from Apple and other vendors and check for updates regularly. It's better to be safe than sorry.
Article by Hazel Chua
Gigadgetry: Cool Gadgets, Tech News, Quirky Devices
Please log in again. The login page will open in a new tab. After logging in you can close it and return to this page.