• Your favorite








    , and
  • Newly Discovered Mac Trojan Exploits Same Java Vulnerability found in Flashback

    New malware dubbed “Dockster” that takes advantage of a well-documented Java vulnerability has been found on a website dedicated to the Dalai Lama. The Trojan has been able to install itself on a Mac user’s computer to capture keystrokes and other sensitive data. At the time of its discovery (on November 30), the code’s creators were testing whether it would be detected, but as of this writing, the malicious code is now “in the wild.”

    As mentioned in a previous report from F-Secure, Dockster leverages the same Java vulnerability to drop the backdoor onto a Mac, which then executes code to create an agent that feeds keylogs and other sensitive information to an off-site server. In the case of Flashback, which was discovered by Intego, a reported 600,000 Macs were affected before both Apple and Oracle ended up releasing a Java patch to remove the malware and protect against future attacks.

    The new Dockster seems to take advantage of an already fixed weakness; users who haven’t yet updated their Macs or are running older software may still be at risk. We’ll have to see what Apple and Oracle end up doing to remedy the situation; in the meantime, we'd suggest practicing safe browsing.

    Source: F-Secure, Intego
    This article was originally published in forum thread: Newly Discovered Mac Trojan Exploits Same Java Vulnerability found in Flashback started by Akshay Masand View original post
    Comments 4 Comments
    1. spazturtle's Avatar
      spazturtle -
      FFS: If you let any old java app from the web run you deserve Trojans.
      When it asks you if you if you want to run the java on the website just say no.

      Also when apple give you a security update just install it.
    1. steve-z17's Avatar
      steve-z17 -
      If you don't update your computer/software and get malware on your Mac you have no one to blame but yourself. It doesn't take long at all to do a software update and it could save you some grief.
    1. calvin8714's Avatar
      calvin8714 -
      or... you know... you have an old version of an OS that apple and/or java isn't updating anymore, and can't update to a newer OS because of the requirements needed for the upgrade aren't there...
    1. Cer0's Avatar
      Cer0 -
      Turn off Java in Safari or whatever browser you use then.

      Haven't had mine on in a long time.