Another Mac Trojan Discovered Hiding in Microsoft Office

[Phillip Swanson]

The Flashback Trojan dominated headlines, news feeds, and Twitter feeds over the last couple weeks as the revelation that Macs can be affected by malware, viruses, and other exploits blew the collective minds of the country. Expect the trend of shocked consumers to continue as another Mac Trojan has been identified.

The new Mac-specific trojan is called Backdoor.OSX.SabPub.a and is spreading because of a vulnerability in Microsoft Office for Mac. The already month-old trojan uses a Java exploit (don't they all?) to get get around malware protection software. Once installed it connects to a command and control server hosted on a server in California. The Trojan spreads through infected Office documents actively searching through documents. What for? This isn't known yet.

The SabPub exploit actually has one other variant created at an earlier time. An interesting bit, the word document that spread the trojan was named "10th March Statement" which directly linked with the Dalai-Lama and Tebetan Community. The Dalai-Lama released a special statement on March 10, 2011 in honor of the Anniversary of the Tibetan People's National Uprising Day.

This is further evidence that the popularity of OSX, and Apple's success is beginning to warrant the creation of OSX specific viruses, and malware attacks. The honeymoon was bound to end.

Source: Securelist

[JimboHurt]

Wow

[Sasukekun77]

Let the Microsoft hate comments start :P

[mustard05]

Is this really that big of a deal? I have never been under the false impression that my Mac was safe from online threats, only safer than the traditional PC. Anyone under the impression that they were safe to begin with just because they were using a Mac is being foolish. With that being said, ModmyI will blow this up as much as they can to get hits. It is what it is.

[mvangogh]

so how do you check if you have it and how do you get rid of it?

[xhazex9x]

Pc all day erryday son!!

[driveby]

PCs should be burned and broken

[bigboyz]

I understand that Mac users as myself are "not used" to dealing with worms, viruses and botnets..but it was inevitable. Are we going to get an update every time one is out there? haha! Does Microsoft make all of their Trojans/viruses public? NO..cause they would have no time to do anything else haha!

On a serious note, none of these so called viruses are really that bad..they are not crashing systems, they are collecting info(maybe to write a better virus in the future)and relaying it back to a server or something of that nature. Its only going to be more prevalent moving forward. Its just another nod to a great OS that rarely sees issues. Im sure Apple will start taking these threats much more seriously as their reputation depends on it. I mean they depend on our $$..I mean..

[celeron]

Another trojan?!

[Rokesomesmeefer]

I understand that Mac users as myself are "not used" to dealing with worms, viruses and botnets..but it was inevitable. Are we going to get an update every time one is out there? haha! Does Microsoft make all of their Trojans/viruses public? NO..cause they would have no time to do anything else haha!

On a serious note, none of these so called viruses are really that bad..they are not crashing systems, they are collecting info(maybe to write a better virus in the future)and relaying it back to a server or something of that nature. Its only going to be more prevalent moving forward. Its just another nod to a great OS that rarely sees issues. Im sure Apple will start taking these threats much more seriously as their reputation depends on it. I mean they depend on our $$..I mean..

I dunno about you, but I would much rather have my system crash than to have private information be shipped off to a 3rd party by a virus. A crashed system can be easily fixed or replaced. The problems caused by the theft of private information are not so easily fixed and, in many cases, cannot be fixed at all.

[lkailburn]

I'm confused. First you blame it on a security vulnerability in Microsoft Office but then say it's a java exploit...

-Luke

[dennder]

Interesting thing is, that previous one was java vulnerability and this one is microsoft office vulnerability. Not that these facts negate the seriousness of the problem, show me trojan/virus... that uses mac os specific hole, not ones of third-party software known to have holes for the entirety of their history.

iOS had problems as i recall, MacOS surely has too...

[Rokesomesmeefer]

...show me trojan/virus... that uses mac os specific hole, not ones of third-party software known to have holes for the entirety of their history...

That's a rather naive statement. If security holes in 3rd-party software, especially 3rd-party software that is "known to have holes for the entirety of their history", are able to impact the OS, then the OS is no more secure than the 3rd-party software.

[wildgene789]

Java drive bys for the win!

[steve-z17]

The more popular Macs become the more trojans/viruses will be made for them, that's just how it goes. Just don't download anything from Java or Microsoft

[killakill]

PCs should be burned and broken

To let everyone know, Macs are NOT less prone to viruses. Up until recently macs were such a small share in the market not many people were using them. Than, a few different marketing techniques and a few visionary changes, they are growing popularity. More programs are being released for the os, hence more people want them. As more people buy macs, there than come a "reason" for trojans and all other virus related stuff too be created; now there is an actual amount of people that can be infected. With macs growing in sales, we WILL be seeing more and more viruses.

[MrLingerLonger]

This is just the beginning I am sure. The more popular macs get the more people will have a reason to create more intense virus's. They continue to do it with windows and now they are starting to pop up with Mac.

[quidam_brujah]

To let everyone know, Macs are NOT less prone to viruses. Up until recently macs were such a small share in the market not many people were using them. Than, a few different marketing techniques and a few visionary changes, they are growing popularity. More programs are being released for the os, hence more people want them. As more people buy macs, there than come a "reason" for trojans and all other virus related stuff too be created; now there is an actual amount of people that can be infected. With macs growing in sales, we WILL be seeing more and more viruses.

You actually provided the definition of 'less prone' in your rant. So, yeah, they currently are 'less prone'. How much longer will this be the case... Who knows... You mentioned some of the factors. For quite some time, every compromise (see PWN2OWN) has required a user to initiate action to be owned and there's very little you can do to overcome ignorant users determined to get PWNd. The same can't be said for MS OSs. Based on that, I would wager that there is inherently more security in the current OS X architecture than in MS's. That means plugging and preventing holes should be easier in OS X. But, it's up to Apple to implement: it's their game to lose.

[reopeadres]

And Steve Jobs just rolled over in his grave.

[The Amazing Atheist]

Here come the Macfags bashing the PCfags. Because Microsoft was planning this months ago.

I'm confused. First you blame it on a security vulnerability in Microsoft Office but then say it's a java exploit...

-Luke

It uses the Java exploit to bypass the virus protection.