![]() VirusBarrier Express and VirusBarrier Plus, available exclusively from the Mac App Store, detect this malware with malware definitions dated Novemor later, but these programs do not have a real-time scanner due to limitations imposed by the Mac App Store users should scan their Macs after they have updated to the latest malware definitions, or manually scan any installer packages they have downloaded if they seem suspicious.įor additional protection against this threat, update to the latest version of Java, which has fixed this vulnerability. VirusBarrier X6’s real-time scanner will detect the exploit code as OSX/SabPab.A and OSX/Dockster.A when it is dropped, and its Anti-Spyware protection will block any connections to remote servers if a user has installed the Trojan horse. ![]() Means of protection: VirusBarrier X6 ( protects users from this malware with malware definitions dated Novemor later. It provides a simple remote shell which allows the trojan’s controller remote access, allows the controller to download additional files, and it logs keystrokes. The backdoor functionality of this trojan is quite basic. Once the trojan is active, it tries to contact the remote address to await instructions. It creates a launch agent called so that the trojan will restart each time an affected user logs in. The file is not visible through Finder however, if it’s running, it can be seen within OS X’s Activity Monitor. If it’s executed, the trojan deletes itself from the location where it was run and installs itself in the user’s home directory with the filename. (This Java vulnerability was also the same one used by Flashback.) This malware is now known to be in the wild, on a website dedicated to the Dalai Lama that has been compromised to deliver the same exploit code as used by SabPab to push Dockster. This trojan has backdoor functionality, including a keylogger component that records an affected user’s typing. Security firm Intego has recently updated its antivirus software application for Mac OS X, VirusBarrier X5, to version 10.5.4.The update addresses some minor issues and improves overall stability. Risk: Low the threat is not known to be widespread and the vulnerability targeted by the exploit code is corrected by the latest version of Java.ĭescription: A sample of a new Mac spyware called OSX/Dockster.A was found on VirusTotal on Friday, possibly as part of a test before pushing it to the public.
0 Comments
Leave a Reply. |
Details
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |