SabPub Trojan Strikes Again on Mac platform

Asked By Garrick Sanderford 0 points N/A Posted on - 04/18/2012

SabPub is another malware targeting Macs.

I heard that it can penetrate through ordinary anti-virus,

So how can I avoid this malware?

• Status: Open
• Question Views: 859
• Answer Count: 2
• Vote Up 0 Vote Down

• Answer Accepted: Yes
• Question Category: Internet Security

Best Answer by Sharath Reddy

Go To Solution

Answered By Jeffrey Atala 0 points N/A #158815

SabPub Trojan Strikes Again on Mac platform

Hi there,

The new trojan is named Backdoor.OSX.SabPub, or SabPub for short. 

Costin Raiu, the computer security expert from Kaspersky said that SabPub was originated on February 2012. 

 

The malware was first distributed by phishing emails or spams, but once it get caught on a computer, 

the virus begins infecting and spreading via Microsoft Office documents.

 

SabPub uses Java exploit Flashback to get rid of antivirus software's detection.

 

Computers affected with the SabPub virus are more vulnerable to intruders, accessing the contents of the 

hard drive remotely. It is believed that computers are being infiltrated by intruders , with attackers personally 

rummaging through – and downloading – victims' files and documents.

 

The intruders are able to take screen shots and even can take control of infected computers remotely.

 

If your computer gets affected by Flashback, there's no cure for SabPub yet. The only way is to keep your 

antivirus software up to date and Consistently checks for solutions over internet.

About Jeffrey Atala

Questions
0

Answers
82

Best Answers
34

• Vote Up 0 Vote Down

• Posted on - 04/19/2012
• Question Category: Internet Security

Best Answer

Best Answer

Answered By Sharath Reddy 590495 points N/A #158816

SabPub Trojan Strikes Again on Mac platform

A security researcher named Costin Raiu working at the Kaspersky Lab has discovered another Mac OS X Trojan virus. It is called Backdoor.OSX.SabPub.a or simply “SabPub”. Actually, there are already two variations of the SabPub virus that are being distributed by means of Java exploits. The virus utilizes Java exploits to contaminate a Macintosh computer then it will connect to a remote website and will then wait for instructions.

The possible instructions may include taking of screenshots of the Mac computer and most especially running commands. The Trojan virus acts as a remote control being controlled on a remote computer and executes every command it receives. According to Costin Raiu, the Java exploits appear to be very standard and have been concealed by means of ZelixKlassMaster which is a flexible and somewhat powerful Java obfuscator.

The discovery of the SabPub virus happened after a heightened alert against the Flashback Trojan virus which already infected more than 600,000 Macintosh computers all over the world. The first variant of the SabPub virus was discovered around February of 2012,and the manner of infection appears to be in targeted attacks.

This limits the ability of the virus to make widespread invasions like what the Flashback Trojan virus did. The second variant of the SabPub virus which was already named above was somewhat distributed as a DOC file.

About Sharath Reddy

Questions
1

Answers
14599

Best Answers
2290

• Vote Up 0 Vote Down

• Posted on - 09/07/2013
• Question Category: Internet Security