Yet another OSX/Java Trojan spotted in the wild

Hard on the heels of the Flashback Trojan, Kaspersky Labs is warning of a new OSX threat, which it’s dubbed Backdoor.OSX.SabPub.a. In a post to Securelist, Kaspersky’s Costin Raiu says the Trojan connects to a command and control server hosted on a Californian-based VPS associated with the Onedumb.com free DNS. Apparently a …

COMMENTS

This topic is closed for new posts.

This post has been deleted by a moderator

Re: ANOTHER APPLE VIRUS

Yes your PC is fine, except for your caps lock being broken :)

18
0

Re: ANOTHER APPLE VIRUS

I can't get why you keep posting, really...

2
1
Silver badge

Re: ANOTHER APPLE VIRUS

I think he's collecting downvotes.

3
0
Silver badge
Thumb Up

Re: re: ANOTHER APPLE VIRUS

Yes, it's a bit noisy in here for those who are recovering after a weekend.

I recommend that on Monday mornings only italics should be used.

3
0
Happy

Re: re: ANOTHER APPLE VIRUS

I think we should be grateful El Reg doesn't allow us to post in any colour text we like. Time was we lived opposite a house with a large, fluoro pink roof, not something helpful to look at first thing after a hard night.

0
0
Coat

"Deli Lama"??

I for one welcome our Subway attending toasted oatmeal bread overlord

13
0
Silver badge
Alien

Re: "Deli Lama"??

Look within the salt beef sarnie, oh seeker of truth and enlightenment.

0
0
Joke

Re: "Deli Lama"??

Can I have a sandwich please - make me one with everything

4
0
Anonymous Coward

Java or Office?

Erm, so is the trojan another problem with Java or is actually a problem with MS Office on the Mac? Can somebody clarify?

I'd hate to see Java getting dropped like Flash, but if it is yet another Java problem... hmm well.

Oh never mind, according to this blog post, Tibet trojan isn't Java's problem: http://www.computer-answers.ca/2012/computer-questions/macintosh-questions/microsoft-office-bourne-trojan-horse-for-mac/

Should probably update your article unless that blog post is wrong.

2
0
Anonymous Coward

Re: Java or Office?

Isn't Java already on the way out on the Mac due to Steve Jobs's fetish for destroying things that don't directly put money in his purse or allow him total domination over the end user experience?

4
2
Anonymous Coward

Re: Java or Office?

I don't think Steve can take all the credits. His horde of zombie echo meat sacks are pretty resilient. But unfortunately I don't think Steve issued a crusade against Java. Though my hunch tells me Flash was probably the first step since they both have striking similarities.

Shame the necromancer is now in the underworld. Though one can still hope he's actually controlling Tim Cook from his throne 10 feet under and will take this opportunity to destroy the Oracle.

1
5
Bronze badge

Re: Java or Office?

Appears to be a spear phishing operation, MS Word exploit used to install a Java exploit, the version they just found has been nullified due to DNS resolution for the C&C being pulled but an earlier variant had the IP hard coded: 199.192.150.X so it might be an idea to check your routers for connections to that block, better safe than sorry.

Only one of my clients uses Java company-wide, the rest are going to have it disabled and/or removed tomorrow, life is too short for us to waste time making sure they are protected against exploits in software they never use.

2
0
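The check suggested in the comment above (looking for connections to the 199.192.150.X block), as an added example that is not part of the original thread. It assumes "X" means the whole /24; the function name and the sample log lines are constructed for illustration.

```python
import ipaddress
import re

# Assumption: "199.192.150.X" in the comment is read as the entire /24.
SUSPECT_NET = ipaddress.ip_network("199.192.150.0/24")

# Dotted quad, optionally followed by a port written as ":port" or, as in
# BSD / OS X `netstat -an` output, as a fifth ".port" field.
IPV4_RE = re.compile(r"(?<![\d.])(\d{1,3}(?:\.\d{1,3}){3})(?:[.:]\d{1,5})?(?!\d)")

# Constructed sample lines: netstat-style, firewall-style and a generic log.
SAMPLE_LOG = """\
tcp4  0  0  192.168.1.20.49312  199.192.150.7.80    ESTABLISHED
tcp4  0  0  192.168.1.20.49313  203.0.113.47.443    ESTABLISHED
Apr 16 09:14:02 gw kernel: OUT=eth0 SRC=192.168.1.31 DST=199.192.150.201 DPT=80
Apr 16 09:14:05 gw kernel: OUT=eth0 SRC=192.168.1.31 DST=199.192.151.4 DPT=80
Apr 16 09:15:40 gw dnsmasq: reply bogus.example is 199.192.150.999
conn 192.168.1.44:51002 -> 199.192.150.12:8080 closed
""".splitlines()


def suspect_connections(lines, network=SUSPECT_NET):
    """Return (line_number, address, raw_line) for each address inside network."""
    hits = []
    for lineno, line in enumerate(lines, start=1):
        for match in IPV4_RE.finditer(line):
            try:
                addr = ipaddress.ip_address(match.group(1))
            except ValueError:
                continue  # not a valid IPv4 address, e.g. an octet above 255
            if addr in network:
                hits.append((lineno, str(addr), line.strip()))
    return hits


if __name__ == "__main__":
    for lineno, addr, raw in suspect_connections(SAMPLE_LOG):
        print(f"line {lineno}: {addr}  <-  {raw}")
```
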

I'm no fan, BUT!

I'm no big fan of Apple, BUT I have to ask.

WHAT SELF RESPECTING FANBOY. is so poorly educated as to install the MOST overpriced questionable piece of crudware on the planet that is MicroSloth Office?

For crying out loud. YES I believe that for what you get most apple products are a bit overpriced but cummon! MS OFFICE? That one piece of "software" makes your fancy Mac look bargain basement priced.

Think LibreOffice, OpenOffice, and various others that do an excellent job for much less expense. (Even if your company wishes to migrate from the MS crud)

MS Office on a Mac. Oxymoron? or something the AV software should catch and block as soon as the installer starts to run?

0
9
Bronze badge
Meh

Re: I'm no fan, BUT!

Libre Office requires Java to be installed for full functionality on the Mac, so you are just changing the potential attack vector...

5
0
Bronze badge
Happy

Re: I'm no fan, BUT!

And actually MS Office really is quite good (horror of horrors)

2
0

Re: I'm no fan, BUT!

@Tim99

"Libre Office requires Java to be installed for full functionality on the Mac"

LibreOffice does squeal a bit when you run it for the first time without Java installed, but it still runs fine. You lose the database side of things and some accessibility features, but the rest runs fine.

From a recent LibreOffice changelog I found, it appears that the developers might be actively reducing Java dependency.

2
0
Facepalm

Re: I'm no fan, BUT!

Oh, shut your pie hole. MS Office on the Mac is actually a decent product and it was THAT expensive -- c'mon you own a Mac and you're worried about pennies. I've actually used LibreOffice and its previous incarnations; it's slow and it requires Java. I've used iWork, too and it's so messed-up I'd be amazed if they captured ANY MS Office to iWork converts.

Always used Office; always will. It works. I know it. Why change for change's sake.

Java is the real problem here.

1
0
Bronze badge
Pint

Re: I'm no fan, BUT!

@Wensleydale Cheese

"You lose the database side of things and some accessibility features, but the rest runs fine."

Before I retired I was a database developer, so the database bit was what I was hoping to use in LibreOffice (without loading Java). These days I use SQLite from the command line or the FireFox SQLite Manager Add-on. There has been talk of LibreOffice using a native SQLite driver without Java dependencies, but I am not sure what stage that is at.

As you say, LibreOffice seem to be deprecating Java - in view of the potential uncertainty that the Oracle purchase has brought, this may be a good thing anyway.

0
0

So, basically...

The only way to get hit by this piece of malware is to open a badly written email from a complete stranger that asks you to open up a Microsoft Word file.

And the source of this confusing press release is... ah! Suddenly all is clear.

Dear Kaspersky: exactly _how_ will your anti-malware application stop such problems? Will it nag me every time I open a file downloaded from the internet that it might contain something harmful to the computer? Because that'd be duplicating what OS X _already does_.

Also, Microsoft's Office suite for Macs already has an additional warning if the document contains macros.

So, that's two warnings the user's getting. If they still manage to infect their system, that's their own problem.

5
3
Gimp

Re: So, basically...

Baggaley: "If they still manage to infect their system, that's their own problem."

And if they infect their system after REPEATEDLY being told that "Macs don't get malware" by Apple and their legion of evangelical fanbois, whose fault is it then?

6
2

Re: So, basically...

Theirs, because Apple don't actually say that. In fact, quite the opposite. They have a list of recommended virus checkers on their website.

2
4
Anonymous Coward

Re: So, basically...

"Theirs, because Apple don't actually say that."

Really? Then what the fuck is this then? (MAC vs PC - 'Viruses').

2
0

Re: So, basically...

that, the fuck, is old. Might as well bring up Gates saying no-one will ever need more than 640K...

0
3
FAIL

Re: So, basically...

RachelG: "Might as well bring up Gates saying no-one will ever need more than 640K..."

Yeah, except Gates never actually said that, or anything like it.

I think you'll find that many of the less-well informed (or less-honest) fanbois continue to spout the "Macs don't get viruses" myth.

1
0

Re: So, basically...

Actually, Apple didn't say Macs didn't get viruses in that ad either. The PC guy said there are over 114,000 viruses on the PC. The Mac guy replied with "PC, but not Mac". As such, stating there aren't over 114,000 viruses on the Mac. Even now, there aren't.

0
0
Bronze badge

Deli Lama

I'll have one of those and a Coke.

0
0
Trollface

Don't Panic!

It's okay, faith need not be troubled, this is clearly all the fault of Java and/or Microsoft, and nothing whatsoever to do with the Jobsian Perfection! ;)

2
1

Re: Don't Panic!

Indeed, I spoke with St. Jobs only recently, and he confirmed that the OneTrueWay of handling a Mac is to open the box, follow the insanely simple setup instructions, and then NOT install any other programs.

4
0
Meh

Oh boy, here we go again.

And the propaganda war on Apple continues. Apple products do not get viruses or malware or anything of the like. These things are coded for Windows and Lunix machines, they only speak their respective programming languages. But you wouldn't know that reading M$ biased websites trying to throw everything including the kitchen sink at Apple in the hopes of something sticking. The reason these Macs are getting viruses is because they are running Windows or Lunix alongside them. If these "Apple users" were true Apple users and didn't put that grotesque software from M$ on their machines this would have never happened.

- consumer that actually understands how things work

0
16
Anonymous Coward

Re: Oh boy, here we go again.

"- consumer that actually understands how things work"

Where?

5
0
FAIL

Re: Oh boy, here we go again.

obvious troll is obvious...

5
0
FAIL

Re: Oh boy, here we go again.

I like my Mac, and OS X, and I think any sensible person (without an agenda to push) would concede that Macs are still considerably more secure than Windows - but regardless of that, you sir are an embarrassment.

If you truly knew "how things worked" you'd know that these last couple of trojans are exploiting a weakness in the Java engine *built into OS X* - and it's OS X that's getting infected as a result. This is nothing whatsoever to do with Windows or "Lunix", whatever that is.

Up until last week, any perfectly stock Mac running Leopard, Snow Leopard or earlier, or a Mac running Lion but with the optional Apple-supplied Java runtime installed, was wide open to the Flashback trojan. No other software from Microsoft or anyone else needed to be installed. The result was a botnet of around 500,000 Macs, all running OS X just as Apple intended, and all infected.

This was only possible because Apple sat on the knowledge of this Java weakness for 6 weeks, before finally passing the update on last week. There's no question that they've completely ballsed this up for themselves, and all Mac users, and they need to learn from their mistakes quickly. I personally don't want to end up resorting to the Windows route of antivirus, but with this cock-up Apple are pretty much handing users like us to the likes of Sophos and Kaspersky on a plate.

3
0
Silver badge

Re: Oh boy, here we go again.

Unfortunately, PCs running OSX, Windows or Linux all suffer from the same major security vulnerability.

This vulnerability can be found sitting between the chair and the keyboard.

6
0

Re: Oh boy, here we go again.

I would normally defend this type of point. However, you seem to have gone overboard and started sinking when you are blaming the problem on Windows/Linux coded products. Hold on? I didn't know executables were able to run on Cocoa? Anyway, some users don't have a choice but to keep working on Microsoft Office to support the work line or personally prefer it to the Mac equivalents.

There's no such thing as a "true Apple user". The Apple user you describe yourself as is a "dork" essentially with no knowledge at all. You better go back reading "Dummies for X" series.

To think viruses come from Windows/Linux is a very bold but stupid claim. One exploit can affect all systems where a programming method is supported (i.e. Flash / Java / PDF etc). Apple products can get viruses if they're targeted. It's just they've been less prone to the most ugly of viruses/malware, but doesn't make them totally immune. This means less likely to get infected, but doesn't stop infection totally. Did you seriously miss the latest Java saga with Apple? Jeeeeeeees.

0
0
Angel

Re: Oh boy, here we go again.

>mfw no one understands sarcastic trawling

0
3
Silver badge
Coat

Ewwww!

That Apple has a worm in it!

1
0

There is some progress though

32 comments on a Mac malware story and nobody called the poor anti virus company names yet. The classic is "snake oil salesman".

Fan fanaticism works so perfectly that nobody dares to remind people that Apple made the cleaner tool OS X 10.7 only. It would be like Microsoft releasing a malware remover exclusively for Win7.

Not just us, black hats are noticing Apple's lack of action and acting like a toy company. Apple isn't stupid or ignorant either; these stories serve their future dream well: App Store-only OS X.

1
1

Re: There is some progress though

I'm still fan enough to point out that the cleaner for 10.6 came out last week.

Also, let's not pretend "the poor anti virus companies" aren't whooping for joy over this, after failing to peddle their wares to the Mac community for a decade now. Regardless what's happened over the last month or so, it follows ten full years of corporate scaremongering over menaces that really didn't ever transpire, until now. Sophos, Kaspersky, Norton et al will now, finally, do very nicely out of this - whether or not any of their products would actually have prevented it.

1
0

Re: There is some progress though

The current cleaner is 10.6/10.7; the one first announced by Apple on the security list was Lion only. I remember reading it and not being surprised at all.

These black hat leeches, consisting of many script kiddies, actually watch the response time of companies and any weakness they show, such as being lazy/greedy enough to skip older major versions.

Anyway, I'm not an Apple customer anymore and don't have enough English to explain all of my point. I'll just say a 400-client network was manually cleaned by an admin, or a freaking newspaper wouldn't have made it to print. Not naming names, of course. Let's blame them for being stupid if they use their cross-licensing to switch to Windows?

0
0