Another Mac OS Backdoor

Posted: April 17, 2012 in Vulnerabilities

Sabpab – Another Mac OS Backdoor Trojan Discovered

Security firm Sophos has discovered more malware for the Mac OS X platform called Sabpab. It uses the same Java vulnerability as Flashback to install itself as a “drive-by download.” Users of older versions of Java now have still more malware to worry about.
Like Flashback, it doesn’t require any user interaction to infect a system: all that needs to happen is for you to visit an infected webpage. Sabpab, according to Sophos, installs a backdoor that allows the hackers to capture screen snapshots, upload or download files and execute commands on infected Macs remotely.
The Trojan creates the files:
  • /Users//Library/Preferences/com.apple.PubSabAgent.pfile
  • /Users//Library/LaunchAgents/com.apple.PubSabAGent.plist

Encrypted logs are sent back to the control server, so the hackers can monitor activity. Although one variant of Flashback installed a file in the LaunchAgents folder, not all tools for detecting Flashback do anything with that folder.
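
A check for the two files listed above, as an added example (not from the original post or from Sophos). It assumes the empty path segment in the post stands for each user's home directory; the function name `scan_sabpab` and its output format are made up for this example.

```shell
#!/bin/sh
# Added example: look in every home directory for the two files this
# post says Sabpab creates. File names come from the post; matching is
# case-insensitive because the post spells "Agent" with two casings and
# the default macOS filesystem ignores case anyway.

# scan_sabpab [USERS_ROOT]
#   Prints one "FOUND <path>" line per artifact. Returns 1 if anything
#   was found, 0 if the tree is clean. USERS_ROOT defaults to /Users
#   (assumption: homes live directly under that directory).
scan_sabpab() {
    users_root=${1:-/Users}
    hits=0
    for home in "$users_root"/*/; do
        [ -d "$home" ] || continue
        # Each spec is "<folder relative to home>:<file name>".
        for spec in \
            "Library/Preferences:com.apple.PubSabAgent.pfile" \
            "Library/LaunchAgents:com.apple.PubSabAgent.plist"
        do
            dir=${home}${spec%%:*}
            name=${spec#*:}
            [ -d "$dir" ] || continue
            # -maxdepth 1 keeps the search to that folder only;
            # -iname ignores case in the file name.
            found=$(find "$dir" -maxdepth 1 -type f -iname "$name" 2>/dev/null)
            if [ -n "$found" ]; then
                printf '%s\n' "$found" | sed 's/^/FOUND /'
                hits=$((hits + 1))
            fi
        done
    done
    [ "$hits" -eq 0 ]
}
```

Run `scan_sabpab` with no arguments on the Mac being checked, with enough privilege to read other users' Library folders; a non-zero return means at least one of the files is present.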

Symantec identifies the trojan as OSX.Sabpab, which exploits the Oracle Java SE Remote Java Runtime Environment Denial Of Service Vulnerability (BID 52161) in order to install itself onto the compromised computer.
THN