Mac users warned to be wary of malicious MS Word Documents containing Trojan software

Discussion in 'Mac Basics and Help' started by Viking23, Apr 17, 2012.

Thread Status:
Not open for further replies.
  1. Viking23 macrumors member

    Joined:
    Mar 8, 2012
    Location:
    Scotland, UK
    #1
    This is from a reliable source in the UK.

    It's reported that a new version of the Mac OS X 'Sabpab' Trojan horse exploit has come to light, and this time, rather than relying upon a vulnerability in Java, it appears to be exploiting malformed Word documents.

    On opening the booby-trapped Word document on a vulnerable Mac, a version of the OSX/Sabpab Trojan horse gets installed on the computer opening a backdoor for remote hackers to steal information or install further code.
    There is no prompt to enter your username or password when the malicious software installs itself onto your Mac.

    A patch has been available for the vulnerability since 2009. To make sure that your version of Office for Mac is patched, open up any program from the MS Office suite, and choose the "Check for updates" option from the Help menu.

    After infecting a given Mac, this Trojan connects to a remote website using HTTP to fetch instructions from remote hackers telling it what to do. The backdoor contains functionality to take screenshots of the user’s current session, upload and download files, as well as execute commands remotely on the infected machine. Encrypted logs are sent back to the control server, so the hackers can monitor activity.

    This Trojan further underlines the importance of protecting Macs against malware with an updated anti-virus program as well as the latest security updates. A free anti-virus system is currently available from Sophos and software is also available from other suppliers.
    -------------------------------------------------------------------------------------------------------------------

    W E B L I N K S
    Sophos: http://nakedsecurity.sophos.com/2012/04/16/sabpab-trojan-mac-word/
    Sophos Descrioption:
    http://www.sophos.com/en-us/threat-...d-spyware/OSX~Sabpab-A/detailed-analysis.aspx

    ZDNet:
    http://www.zdnet.com/blog/security/new-targeted-mac-os-x-trojan-requires-no-user-interaction/11545

    c|net:
    http://news.cnet.com/8301-13579_3-57414516-37/new-mac-os-x-trojan-unearthed-call-it-sabpub/
    -------------------------------------------------------------------------------------------------------------------
    Remember always to update anti-virus systems daily, to use a personal firewall and a spyware inhibitor and to check for system updates regularly.


    Safe Computing!
     
  2. GGJstudios macrumors Westmere

    GGJstudios

    Joined:
    May 16, 2008
    #2
  3. Viking23 thread starter macrumors member

    Joined:
    Mar 8, 2012
    Location:
    Scotland, UK
    #3
    I don't use Sophos. However, I get my information from a very reliable source in the UK. Just hadn't spotted the earlier thread.

    Cheers
     
  4. GGJstudios macrumors Westmere

    GGJstudios

    Joined:
    May 16, 2008
    #4
    This appears to be your source. Whether they're reliable or not is not certain. Regardless of the source, Sophos isn't recommended for the reasons stated.
     
  5. Viking23 thread starter macrumors member

    Joined:
    Mar 8, 2012
    Location:
    Scotland, UK
    #5
    I can assure you that this source is a highly respected university in the UK and the information is, and always has been, 100% reliable, otherwise I would not use it.

    I have never said that I use Sophos, I have no need to.

    Do you have a problem with others posting information on likely security issues with software running on Apple computers? Let me know and I won't post anymore - possibly.
     
  6. GGJstudios macrumors Westmere

    GGJstudios

    Joined:
    May 16, 2008
    #6
    I never said you used it. Your post suggested it as a solution and I posted relevant information for anyone considering using it.
    Not at all. Do you have a problem with others adding relevant information that your posts don't include?
     
  7. Viking23 thread starter macrumors member

    Joined:
    Mar 8, 2012
    Location:
    Scotland, UK
    #7
    Like you not at all, but your post comes over as if you object. As a moderator on other forums, it seems a bit hostile!
     
Thread Status:
Not open for further replies.

Share This Page