Monday, April 16, 2012

Apple MacOSX Malware: Java Exploit Phase 2



Abstract:
As noted in a previous article, MacOSX experienced a pretty severe malware exploit through an Oracle Java vulnerability. It appears a second Java exploit targeting Apple Macintosh OSX is currently active on the Internet.

Previous Resolution:
Apple issued a Java fix and also forced the shutdown of Java applets by default. The latter was considered pretty heavy-handed, but since a second exploit has just been revealed, one must wonder whether Apple was aware of this issue looming on the horizon.

New Java Exploit:
A writer at securelist.com described the new malware issue:
"This new threat is a custom OS X backdoor, which appears to have been designed for use in targeted attacks. After it is activated on an infected system, it connects to a remote website in typical C&C fashion to fetch instructions. The backdoor contains functionality to make screenshots of the user’s current session and execute commands on the infected machine."

Interesting:
It appears from the screenshot that a Microsoft ASPX page is involved in the malware. A Microsoft system seems to be receiving/controlling the malware. Whether this is some type of hybrid malware (infecting a Microsoft system) or the malware designer is using a Microsoft OS as their virus distribution system is an interesting question.
