The Latest in IT Security

China Targets Macs Used by NGOs #Tibet

20 Mar 2012

A new Mac backdoor exploiting CVE-2011-3544 (a Java vulnerability) is being reported. The backdoor appears to be connected to GhostNet. The malware is being used in targeted attacks against non-governmental organizations (NGOs).

Greg Walton published details of targeted mails sent to NGOs related to Tibet. The message contains a link to: dns.assyra.com. Read more from Walton here. AlienVault Labs has posted a technical report.

Based on today’s news, Brod, one of our Mac malware analysts, remembered this post by Microsoft: Backdoor Olyx – is it malware on a mission for Mac? The post is about a similarly themed attack targeting both Mac and Windows users last July.

We detect these new threats as:

Exploit:Java/CVE-2011-3544.E – MD5: 6C8F0C055431808C1DF746F9D4BB8CB5, MD5: 453A3DC32E2FAFD39F837A1EBE62CA80
Backdoor:OSX/Olyx.B – MD5: 39084b60790ca3fdebe1cd93a4764819
Backdoor:W32/Poison.CE – MD5: 7F7CBC62C56AEC9CB351B6C1B1926265

See yesterday’s Mac related post for Java mitigation tips.
