Kaspersky Labs Issues Warning About New OS X Threat Called Backdoor.OSX.SabPub.a
This article was written by Amit Chowdhry.
Kaspersky Labs has issued a warning about a new OS X threat called Backdoor.OSX.SabPub.a. Costin Raiu wrote in a post on Securelist that the Trojan connects to a command-and-control server hosted on a California-based VPS associated with the Onedumb.com free DNS. The Trojan uses a Java exploit named Exploit.Java.CVE-2012-0507.bf, obfuscated with the ZelixKlassMaster obfuscator to get past malware detection products. The infection vector is not clear, but reports suggest that the Trojan is spreading through e-mails that direct users to URLs hosting malware in the USA and Germany. Raiu also said that the malware is spreading from infected Office documents. The Trojan is in an active stage.