Kaspersky Labs Issues Warning About New OS X Threat Called Backdoor.OSX.SabPub.a

Posted Apr 16, 2012

Kaspersky Labs has issued a warning about a new OS X threat called Backdoor.OSX.SabPub.a. Costin Raiu wrote in a post on Securelist that the Trojan connects to a command and control server hosted on a California-based VPS associated with the Onedumb.com free DNS. The Trojan uses a Java exploit, named Exploit.Java.CVE-2012-0507.bf, with the ZelixKlassMaster obfuscator to get past malware detection products. The infection vector is not clear, but reports suggest that the Trojan is spreading through e-mails that direct users to URLs hosting malware in the USA and Germany. Raiu also said that the malware is spreading from infected Office documents. The Trojan is in an active stage.