'Sabpab' Trojan seeks out Mac OS X

Apr 17, 2012, by Nancy Owano

(Phys.org) -- Mac loyalists have long given three compelling reasons for their love of Macs: (1) they are the prettiest computers around, (2) they are ideal for any new-age brain that prefers visually rich knowledge work, and (3) their systems are far safer than Windows-based PCs, which have been sneered at as malware magnets. This year, life has got Mac-Liter, as now they only have to brandish two good reasons. Researchers at major security companies such as Kaspersky Lab and Sophos say that the Mac has yet another Trojan attacker, following Flashback, that can steal information from a system once infected.

The Sabpab Trojan represents a second round of malware targeted at users of Mac machines. The earlier Flashback, according to some reports, may have succeeded in infecting as many as 600,000 Mac systems. Flashback was designed to get installed on as many machines as possible so that its operators could profit from scams such as click fraud. Apple resolved the mess by issuing a patch, while other companies offered up their own clean-up tools for detection and removal. Observers expressed concerns over how Apple was late in presenting its own tool to remove the Flashback malware, while, outside Apple, other firms had issued their free offerings.

With this latest Trojan, the exploiters are able to grab screenshots from infected Macs, upload and download files, and execute commands remotely. According to reports, the malware takes advantage of the same vulnerability in Java that Flashback exploited.

Two unsettling features of the new malware are that it is a back-door Trojan that does not require any user interaction to infect and that, according to Costin Raiu of Kaspersky, it is an advanced persistent threat (APT) attack in an active stage.

The definition of APT varies from one group to another, but it is not trivial. The U.S. National Institute of Standards and Technology (NIST) defines APT as “an adversary that possesses sophisticated levels of expertise and significant resources which allow it to create opportunities to achieve its objectives” using multiple attack vectors. Mandiant, an information security company, calls the APT a sophisticated and organized cyber attack to access and steal information from compromised computers. “The attacks used by the APT intruders are not very different from any other intruder,” says the company; the difference is in the intruder’s perseverance and resources. “They have malicious code (malware) that circumvents common safeguards such as anti-virus and they tend to generate more activity than wanton ‘drive by hacks’ on the Internet.”

The APT threat is using IP addresses that have been known to wage similar attacks on Windows users, according to Kaspersky.

Sophos sources, meanwhile, say that “Sabpab” is not believed to be as widespread as Flashback, but it is yet another wake-up call for Mac users that security is no longer a non-issue. Security on the Mac has become a key issue.


User comments : 11


krundoloss
5 / 5 (3) Apr 17, 2012
It's true that malware creation is a numbers game, and you want to infect or have the chance to infect the highest number of machines possible. If everyone used Macs, then Mac would get just as many viruses as Windows computers do. There are smart people that will do anything for money, and they just have to find one way to run code on a computer. They make money doing this, so it will never go away. No matter how secure your system is, if someone stands to make money by hacking it, it is at risk.
kaasinees
0 / 5 (21) Apr 17, 2012
It's true that malware creation is a numbers game, and you want to infect or have the chance to infect the highest number of machines possible. If everyone used Macs, then Mac would get just as many viruses as Windows computers do. There are smart people that will do anything for money, and they just have to find one way to run code on a computer. They make money doing this, so it will never go away. No matter how secure your system is, if someone stands to make money by hacking it, it is at risk.

Not really true, you can design your operating system to become less susceptible to harmful software, the user is usually the problem, the solution is to allow the user to manage software permissions. I.e., access to folders or files, and to inform the user before allowing access, etc.
The problem with Windows is that it was easy for software to do harmful things even without any actions performed by the user, this has somewhat changed in the new version of Windows though.
LuckyBrandon
4 / 5 (4) Apr 17, 2012
@kaasinees- informing the user before allowing access poses 2 problems: 1. it was tried in Vista and failed miserably 2. the system also has to write to files....so if this were fully implemented, you will get nothing accomplished due to being constantly prompted for things (again, see Vista).
The latter part of your argument is no different than what is happening now with the Macs. They simply were a waste of time to target now. The fact is, they are STILL a waste of time to target, but targeting them can give insight to attack other more valuable Apple products, such as the iPhone or iPad. THAT is where the money will come into play here...the fact is, no matter what the operating system, there is ALWAYS an attack surface. It's impossible to avoid, but is possible to reduce. Apple is literally 2 decades behind on being able to figure out how to negotiate this problem. They will scratch their butts and pay other companies to actually fix the problem...
kaasinees
0.1 / 5 (22) Apr 17, 2012
1. it was tried in Vista and failed miserably

Microsoft programmers are ten times worse than Mac "programmers" and Linux programmers.
2. the system also has to write to files....

This is not an argument at all, I don't understand this logic, the permissions for the installed system are already there.
so if this were fully implemented, you will get nothing accomplished due to being constantly prompted for things

No, only for the first time after installing.
You can even do it during installing.
I.e., when an exe/dll is placed on the filesystem you can pop up a prompt with permissions, allow internet access, allow filesystem access, advanced options.
You won't be constantly prompted. And you no longer need firewall software or active running antivirus software constantly scanning every file.
randall_l
4.3 / 5 (3) Apr 17, 2012
Simple solution: stop giving users elevated privileges.

As long as users have them by default (on OS X and Windows) and programmers write software unnecessarily requiring them, viruses and malware will run rampant.
Stitllams
4.5 / 5 (4) Apr 17, 2012
Microsoft programmers are ten times worse than Mac "programmers" and Linux programmers.

Where is your evidence of this, surely you must realise the only OS that can't get infected ever is one that is turned off, the more prevalent an OS is, the more likely somebody will learn ways to hack, crack and infect, and there is a fine line between protecting and being over protective, that point was made very clear with Vista.
Green_Dragon
not rated yet Apr 17, 2012
Lucky, this might be true, but it works on various distros of Linux, doesn't it? The difference being Linux users are more informed of computer use and risk than the Windows user. After this I would say the only thing that could be done to secure users would be a strict approval system for programs like iOS, which is nigh impossible at this point.
cyberCMDR
not rated yet Apr 18, 2012
I thought Trojans were called that because some user action was required to install them. The article said no user action was required for the malware to infect the Mac.
sherriffwoody
5 / 5 (1) Apr 18, 2012
Microsoft programmers are ten times worse than Mac "programmers" and Linux programmers.

This sounds more like a biased statement rather than fact. In fact security companies have been saying for a few years now that Windows is now quite pro-active and more secure than some Apple products. Of course people didn't believe these security companies because Apple products were little affected. But now we may be seeing this statement from security professionals actually coming true.
kaasinees
0.1 / 5 (23) Apr 18, 2012
Microsoft programmers are ten times worse than Mac "programmers" and Linux programmers.

This sounds more like a biased statement rather than fact. In fact security companies have been saying for a few years now that Windows is now quite pro-active and more secure than some Apple products. Of course people didn't believe these security companies because Apple products were little affected. But now we may be seeing this statement from security professionals actually coming true.

Are you kidding me?
I actually have experience in the field.
LuckyBrandon
1 / 5 (1) May 31, 2012
1. it was tried in Vista and failed miserably

Microsoft programmers are ten times worse than Mac "programmers" and Linux programmers.
2. the system also has to write to files....

This is not an argument at all, I don't understand this logic, the permissions for the installed system are already there.
so if this were fully implemented, you will get nothing accomplished due to being constantly prompted for things

No, only for the first time after installing.
You can even do it during installing.
I.e., when an exe/dll is placed on the filesystem you can pop up a prompt with permissions, allow internet access, allow filesystem access, advanced options.
You won't be constantly prompted. And you no longer need firewall software or active running antivirus software constantly scanning every file.


This is called SFC (system file checker)...it has existed for YEARS :) And a virus, well, it does most of its work in RAM these days....