April 16, PC World – (International) Two more Mac trojans discovered. Following the outbreak of the Flashback Mac trojan, security researchers spotted two more cases of Mac OS X malware. Both cases are variants of the same trojan, called SabPub, said a Kaspersky Lab researcher. The first variant is known as Backdoor.OSX.SabPub.a. Like Flashback, this new threat was likely spread through Java exploits on Web sites, and allows for remote control of affected systems. It was created roughly 1 month ago. However, the malware is not a threat to most users. It may have only been used in targeted attacks, the researcher said, with links to malicious Web sites sent via e-mail, and the domain used to fetch instructions for infected Macs has since been shut down. Furthermore, Apple’s security update for Flashback helps render future Java-based attacks harmless. In addition to removing the Flashback malware, the update automatically deactivates the Java browser plug-in and Java Web Start if they remain unused for 35 days. Users must then manually re-enable Java when they encounter applets on a Web page or a Web Start application. Instead of attacking through malicious Web sites, the second SabPub variant uses infected Microsoft Word documents as its vector, distributed by e-mail. Like the other SabPub variant, this one was used only in targeted attacks.
Ali Loney, on April 16, 2012