Yet another OSX/Java Trojan spotted in the wild

Hard on the heels of the Flashback Trojan, Kaspersky Lab is warning of a new OSX threat, which it’s dubbed Backdoor.OSX.SabPub.a. In a post to Securelist, Kaspersky’s Costin Raiu says the Trojan connects to a command and control server hosted on a Californian-based VPS associated with the Onedumb.com free DNS. Apparently a …

COMMENTS

This topic is closed for new posts.
  1. Tigra 07
    Coat

    "Deli Lama"??

    I for one welcome our Subway attending toasted oatmeal bread overlord

    1. Elmer Phud
      Alien

      Re: "Deli Lama"??

      Look within the salt beef sarnie, oh seeker of truth and enlightenment.

    2. Mostly_Harmless Silver badge
      Joke

      Re: "Deli Lama"??

      Can I have a sandwich please - make me one with everything

  2. Anonymous Coward
    Anonymous Coward

    Java or Office?

    Erm, so is the trojan another problem with Java or is it actually a problem with MS Office on the Mac? Can somebody clarify?

    I'd hate to see Java getting dropped like Flash, but if it is yet another Java problem... hmm well.

    Oh never mind, according to this blog post, Tibet trojan isn't Java's problem: http://www.computer-answers.ca/2012/computer-questions/macintosh-questions/microsoft-office-bourne-trojan-horse-for-mac/

    Should probably update your article unless that blog post is wrong.

    1. Anonymous Coward
      Anonymous Coward

      Re: Java or Office?

      Isn't Java already on the way out on the Mac due to Steve Jobs's fetish for destroying things that don't directly put money in his purse or allow him total domination over the end user experience?

      1. Anonymous Coward
        Anonymous Coward

        Re: Java or Office?

        I don't think Steve can take all the credits. His horde of zombie echo meat sacks are pretty resilient. But unfortunately I don't think Steve issued a crusade against Java. Though my hunch tells me Flash was probably the first step since they both have striking similarities.

        Shame the necromancer is now in the underworld. Though one can still hope he's actually controlling Tim Cook from his throne 10 feet under and will take this opportunity to destroy the Oracle.

    2. jubtastic1

      Re: Java or Office?

      Appears to be a spear phishing operation, MS word exploit used to install a java exploit, the version they just found has been nullified due to DNS resolution for the C&C being pulled but an earlier variant had the IP hard coded: 199.192.150.X so it might be an idea to check your routers for connections to that block, better safe than sorry.

      Only one of my clients uses java company wide, the rest are going to have it disabled and/or removed tomorrow, life is too short for us to waste time making sure they are protected against exploits in software they never use.
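
The router check suggested in the comment above, sketched as an added example that is not part of the original thread. It assumes a simple "time src -> dst:port proto" log export and reads "that block" as 199.192.150.0/24; the sample lines and every host address in them are constructed.

```python
import ipaddress
from collections import defaultdict

# Block named in the comment ("199.192.150.X"), read here as a /24.
WATCH_NET = ipaddress.ip_network("199.192.150.0/24")

# Constructed sample lines; the "time src -> dst:port proto" layout is an
# assumed export format, and every host address below is made up.
SAMPLE_LOG = """\
2012-04-14T09:12:01Z 10.0.0.23 -> 199.192.150.7:80 tcp
2012-04-14T09:12:05Z 10.0.0.41 -> 203.0.113.34:443 tcp
2012-04-14T09:40:10Z 10.0.0.23 -> 199.192.150.7:80 tcp
2012-04-14T10:02:33Z 10.0.0.57 -> 199.192.151.9:80 tcp
truncated or malformed line
2012-04-14T11:15:00Z 10.0.0.88 -> 199.192.150.200:8080 tcp
"""

def hosts_contacting_block(log_text, network=WATCH_NET):
    """Return {internal_src: {count, first, last, dests}} for hits in network."""
    hits = defaultdict(lambda: {"count": 0, "first": None, "last": None, "dests": set()})
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) < 4 or parts[2] != "->":
            continue  # not a connection record
        ts, src, _, dst = parts[:4]
        try:
            addr = ipaddress.ip_address(dst.rsplit(":", 1)[0])
        except ValueError:
            continue  # destination is not a plain IPv4 address
        if addr not in network:
            continue  # e.g. 199.192.151.9 is outside the /24
        rec = hits[src]
        rec["count"] += 1
        rec["first"] = rec["first"] or ts
        rec["last"] = ts
        rec["dests"].add(str(addr))
    return dict(hits)

if __name__ == "__main__":
    for src, rec in sorted(hosts_contacting_block(SAMPLE_LOG).items()):
        print(src, rec["count"], rec["first"], rec["last"], sorted(rec["dests"]))
```

The per-host first and last timestamps give a starting window for scoping which machines to examine and for how long they were talking to the block.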

  3. LoCatus

    I'm no fan, BUT!

    I'm no big fan of Apple, BUT I have to ask.

    WHAT SELF RESPECTING FANBOY. is so poorly educated as to install the MOST overpriced questionable piece of crudware on the planet that is MicroSloth Office?

    For crying out loud. YES I believe that for what you get most apple products are a bit overpriced but cummon! MS OFFICE? That one piece of "software" makes your fancy Mac look bargain basement priced.

    Think LibreOffice, OpenOffice, and various others that do an excellent job for much less expense. (Even if your company wishes to migrate from the MS crud)

    MS Office on a Mac. Oxymoron? or something the AV software should catch and block as soon as the installer starts to run?

    1. Tim99 Silver badge
      Meh

      Re: I'm no fan, BUT!

      Libre Office requires Java to be installed for full functionality on the Mac, so you are just changing the potential attack vector...

      1. Richard Taylor 2
        Happy

        Re: I'm no fan, BUT!

        And actually MS Office really is quite good (horror of horrors)

      2. Wensleydale Cheese

        Re: I'm no fan, BUT!

        @Tim99

        "Libre Office requires Java to be installed for full functionality on the Mac"

        LibreOffice does squeal a bit when you run it for the first time without Java installed, but it still runs fine. You lose the database side of things and some accessibility features, but the rest runs fine.

        From a recent LibreOffice changelog I found, it appears that the developers might be actively reducing Java dependency.

        1. Tim99 Silver badge
          Pint

          Re: I'm no fan, BUT!

          @Wensleydale Cheese

          "You lose the database side of things and some accessibility features, but the rest runs fine."

          Before I retired I was a database developer, so the database bit was what I was hoping to use in LibreOffice (without loading Java). These days I use SQLite from the command line or the FireFox SQLite Manager Add-on. There has been talk of LibreOffice using a native SQLite driver without Java dependencies, but I am not sure what stage that is at.

          As you say, LibreOffice seem to be deprecating Java - In view of the potential uncertainty that the Oracle purchase has brought, this may be a good thing anyway.

    2. Flashy Red
      Facepalm

      Re: I'm no fan, BUT!

      Oh, shut your pie hole. MS Office on the Mac is actually a decent product and it was THAT expensive -- c'mon you own a Mac and you're worried about pennies. I've actually used LibreOffice and its previous incarnations; it's slow and it requires Java. I've used iWork, too and it's so messed-up I'd be amazed if they captured ANY MS Office to iWork converts.

      Always used Office; always will. It works. I know it. Why change for change's sake.

      Java is the real problem here.

  4. Sean Timarco Baggaley

    So, basically...

    The only way to get hit by this piece of malware is to open a badly written email from a complete stranger that asks you to open up a Microsoft Word file.

    And the source of this confusing press release is... ah! Suddenly all is clear.

    Dear Kaspersky: exactly _how_ will your anti-malware application stop such problems? Will it nag me every time I open a file downloaded from the internet that it might contain something harmful to the computer? Because that'd be duplicating what OS X _already does_.

    Also, Microsoft's Office suite for Macs already has an additional warning if the document contains macros.

    So, that's two warnings the user's getting. If they still manage to infect their system, that's their own problem.

    1. Anonymous Coward
      Gimp

      Re: So, basically...

      Baggaley: "If they still manage to infect their system, that's their own problem."

      And if they infect their system after REPEATEDLY being told that "Macs don't get malware" by Apple and their legion of evangelical fanbois, whose fault is it then?

      1. Stuart Castle Silver badge

        Re: So, basically...

        Theirs, because Apple don't actually say that. In fact, quite the opposite. They have a list of recommended virus checkers on their website.

        1. Anonymous Coward
          Anonymous Coward

          Re: So, basically...

          "Theirs, because Apple don't actually say that."

          Really? Then what the fuck is this then? (MAC vs PC - 'Viruses').

          1. RachelG

            Re: So, basically...

            that, the fuck, is old. Might as well bring up Gates saying no-one will ever need more than 640K...

            1. Anonymous Coward
              FAIL

              Re: So, basically...

              RachelG: "Might as well bring up Gates saying no-one will ever need more than 640K..."

              Yeah, except Gates never actually said that, or anything like it.

              I think you'll find that many of the less-well informed (or less-honest) fanbois continue to spout the "Macs don't get viruses" myth.

          2. Stuart Castle Silver badge

            Re: So, basically...

            Actually, Apple didn't say Macs didn't get viruses in that ad either. The PC guy said there are over 114,000 viruses on the PC. The Mac guy replied with "PC, but not Mac". As such, stating there aren't over 114,000 viruses on the Mac. Even now, there aren't.

  5. Anonymous Coward
    Anonymous Coward

    Deli Lama

    I'll have one of those and a Coke.

  6. Big Al
    Trollface

    Don't Panic!

    It's okay, faith need not be troubled, this is clearly all the fault of Java and/or Microsoft, and nothing whatsoever to do with the Jobsian Perfection! ;)

    1. Anonymous Coward
      Anonymous Coward

      Re: Don't Panic!

      Indeed, I spoke with St. Jobs only recently, and he confirmed that the OneTrueWay of handling a Mac is to open the box, follow the insanely simple setup instructions, and then NOT install any other programs.

  7. jimbokern12
    Meh

    Oh boy, here we go again.

    And the propaganda war on Apple continues. Apple products do not get viruses or malware or anything of the like. These things are coded for Windows and Lunix machines, they only speak their respective programming languages. But you wouldn't know that reading M$ biased websites trying to throw everything including the kitchen sink at Apple in the hopes of something sticking. The reason these Macs are getting viruses is because they are running Windows or Lunix alongside them. If these "Apple users" were true Apple users and didn't put that grotesque software from M$ on their machines this would have never happened.

    - consumer that actually understands how things work

    1. Anonymous Coward
      Anonymous Coward

      Re: Oh boy, here we go again.

      "- consumer that actually understands how things work"

      Where?

    2. Paul Woodhouse
      FAIL

      Re: Oh boy, here we go again.

      obvious troll is obvious...

    3. PC1512
      FAIL

      Re: Oh boy, here we go again.

      I like my Mac, and OS X, and I think any sensible person (without an agenda to push) would concede that Macs are still considerably more secure than Windows - but regardless of that, you sir are an embarrassment.

      If you truly knew "how things worked" you'd know that these last couple of trojans are exploiting a weakness in the Java engine *built into OS X* - and it's OS X that's getting infected as a result. This is nothing whatsoever to do with Windows or "Lunix", whatever that is.

      Up until last week, any perfectly stock Mac running Leopard, Snow Leopard or earlier, or a Mac running Lion but with the optional Apple-supplied Java runtime installed, was wide open to the Flashback trojan. No other software from Microsoft or anyone else needed to be installed. The result was a botnet of around 500,000 Macs, all running OS X just as Apple intended, and all infected.

      This was only possible because Apple sat on the knowledge of this Java weakness for 6 weeks, before finally passing the update on last week. There's no question that they've completely ballsed this up for themselves, and all Mac users, and they need to learn from their mistakes quickly. I personally don't want to end up resorting to the Windows route of antivirus, but with this cock-up Apple are pretty much handing users like us to the likes of Sophos and Kaspersky on a plate.

      1. Crisp

        Re: Oh boy, here we go again.

        Unfortunately, PCs running OSX, Windows or Linux all suffer from the same major security vulnerability.

        This vulnerability can be found sitting between the chair and the keyboard.

    4. the-it-slayer

      Re: Oh boy, here we go again.

      I would normally defend this type of point. However, you seem to have gone overboard and started sinking when you are blaming the problem on Windows/Linux coded products. Hold on? I didn't know executables were able to run on Cocoa? Anyway, some users don't have a choice but to keep working on Microsoft Office to support the work line or personally prefer it to the Mac equivalents.

      There's no such thing as a "true Apple user". The Apple user you describe yourself as is a "dork" essentially with no knowledge at all. You better go back reading "Dummies for X" series.

      To think viruses come from Windows/Linux is a very bold but stupid claim. One exploit can affect all systems where a programming method is supported (i.e. Flash / Java / PDF etc). Apple products can get viruses if they're targeted. It's just they've been less prone to the most ugly of viruses/malware, but doesn't make them totally immune. This means less likely to get infected, but doesn't stop infection totally. Did you seriously miss the latest Java saga with Apple? Jeeeeeeees.

    5. jimbokern12
      Angel

      Re: Oh boy, here we go again.

      >mfw no one understands sarcastic trawling

  8. Crisp
    Coat

    Ewwww!

    That Apple has a worm in it!

  9. Ilgaz

    There is some progress though

    32 comments on a Mac malware story and nobody called the poor anti virus company names yet. The classic is "snake oil salesman".

    Fan fanaticism works so perfect that nobody dares to remind people that Apple made the cleaner tool osx 10.7 only. It would be like Microsoft releasing malware remover exclusively for win7.

    Not just us, black hats are noticing Apple's lack of actions and acting like a toy company. Apple isn't stupid or ignorant too, these stories serves well to their future dream, app store only osx.

    1. PC1512

      Re: There is some progress though

      I'm still fan enough to point out that the cleaner for 10.6 came out last week.

      Also, let's not pretend "the poor anti virus companies" aren't whooping for joy over this, after failing to peddle their wares to the mac community for a decade now. Regardless what's happened over the last month or so, it follows ten full years of corporate scaremongering over menaces that really didn't ever transpire, until now. Sophos, Kaspersky, Norton et al will now, finally, do very nicely out of this - whether or not any of their products would actually have prevented it.

      1. Ilgaz

        Re: There is some progress though

        current cleaner is 10.6/10.7, the one first announced by Apple in security list was lion only. I remember reading it and not getting surprised at all.

        These black hat leeches consisting of many script kiddies actually watch the response time of companies and any weakness they show such as being lazy/ greedy to skip older major versions.

        Anyway, not an Apple customer anymore and not having enough English to explain all of my point. I just say a 400 client network was manually cleaned by an admin or freaking newspaper wouldn't make to print. Not naming of course. Let's blame them for being stupid if they use their cross licensing to switch to Windows?
