The first one is known as Backdoor.OSX.SabPub.a. Like the common Flashback, this new threat was more than likely spread through Java exploits on Websites, and it allows for remote control of affected systems. It is about one month old and may have only been used in targeted attacks. Apple’s security update for Flashback helps render future Java-based attacks harmless: it removes the Flashback malware and automatically deactivates the Java browser plug-in and Java Web Start if they remain unused for 35 days. Users must then manually re-enable Java when they encounter applets on a Web page or a Web Start application.
The other SabPub variant is a bit of a traditionalist in comparison. It does not do any of its attacking through malicious Websites; instead, it uses infected Microsoft Word documents distributed via e-mail. Like the other SabPub variant, this one was used only in targeted attacks.