

One of the signatures Sophos says it has found Security specialist Sophos reports that it has discovered new Mac malware which exploits the same Java hole in Mac OS X that was also used by the "Flashback" malware and has since been closed by Apple. The backdoor trojan is called "OSX/Sabpab-A" and is said to establish a HTTP connection to a command & control server once it has infected a computer. According to Sophos's Graham Cluley, attackers then have the ability to execute arbitrary commands, upload and download files, and take screenshots on infected systems.

The security firm says that, like Flashback, OSX/Sabpab-A spreads via the web; apparently, simply visiting a malicious web page on a Mac with an unpatched version of Java is all that's required to become infected. Sophos provides no further details on the distribution of the malware but has given it a low "prevalence" rating.

Users can protect their systems by installing the latest Java updates, which fixes the problem and automatically disables the Java web plugin by default; users can re-enable this via the Java Preferences application (Applications ➤ Utilities ➤ Java Preferences).

See also:

(crve)