A new Mac backdoor exploiting CVE-2011-3544 (a Java Runtime Environment vulnerability in the Rhino script engine, patched by Oracle in October 2011) is being reported. The backdoor appears to be connected to GhostNet. The malware is being used in targeted attacks against non-governmental organizations (NGOs).
Greg Walton published details of targeted mails sent to Tibet-related NGOs. The message contains a link to dns.assyra.com. Read more from Walton here. AlienVault Labs has posted a technical report.
Based on today’s news, Brod, one of our Mac malware analysts, recalled this post by Microsoft: Backdoor Olyx – is it malware on a mission for Mac? That post describes a similarly themed attack last July that targeted both Mac and Windows users.
We detect these new threats as:
Exploit:Java/CVE-2011-3544.E – MD5: 6C8F0C055431808C1DF746F9D4BB8CB5, MD5: 453A3DC32E2FAFD39F837A1EBE62CA80
Backdoor:OSX/Olyx.B – MD5: 39084B60790CA3FDEBE1CD93A4764819
Backdoor:W32/Poison.CE – MD5: 7F7CBC62C56AEC9CB351B6C1B1926265
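As an added example (not code from the original post or from F-Secure), a small Python triage script that sweeps a directory for the MD5s listed above and checks a mail body or log excerpt for the linked domain. The hashes and the domain are the indicators from this post; the sample mail text, file contents and the function names are constructed for the example. MD5 matching only catches these exact samples, so a clean sweep is not proof of a clean machine.

```python
import hashlib
import os
import re
import tempfile

# Indicators taken from the post: detection name per MD5.
# MD5s are hex, so comparisons are case-insensitive (stored upper-case).
IOC_MD5 = {
    "6C8F0C055431808C1DF746F9D4BB8CB5": "Exploit:Java/CVE-2011-3544.E",
    "453A3DC32E2FAFD39F837A1EBE62CA80": "Exploit:Java/CVE-2011-3544.E",
    "39084B60790CA3FDEBE1CD93A4764819": "Backdoor:OSX/Olyx.B",
    "7F7CBC62C56AEC9CB351B6C1B1926265": "Backdoor:W32/Poison.CE",
}

# Network indicator from the post: the domain linked in the targeted mails.
IOC_DOMAINS = {"dns.assyra.com"}


def md5_file(path, chunk=1 << 20):
    """MD5 of a file, streamed so large files need not fit in memory."""
    h = hashlib.md5()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest().upper()


def lookup_md5(digest):
    """Detection name for an MD5 (any case, whitespace ignored), or None."""
    return IOC_MD5.get(digest.strip().upper())


def scan_tree(root):
    """Hash every regular file under root; return [(path, detection)] for hits."""
    hits = []
    for dirpath, _, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            if not os.path.isfile(path):      # skip sockets, FIFOs, dangling symlinks
                continue
            try:
                detection = lookup_md5(md5_file(path))
            except OSError:                    # unreadable file: skip, keep sweeping
                continue
            if detection:
                hits.append((path, detection))
    return hits


def find_domains(text):
    """IOC domains (or their subdomains) appearing as whole hostnames in text.

    'dns.assyra.com' and 'mail.dns.assyra.com' match; 'dns.assyra.com.example'
    and 'dns.assyra.company' do not.
    """
    found = set()
    for domain in IOC_DOMAINS:
        pattern = r"(?<![A-Za-z0-9-])" + re.escape(domain) + r"(?!\.?[A-Za-z0-9-])"
        if re.search(pattern, text, re.IGNORECASE):
            found.add(domain)
    return found


# Constructed sample mail body (not the real message described by Walton).
SAMPLE_MAIL = """Subject: Conference schedule
Please download the schedule from http://dns.assyra.com/ before Friday.
"""


def demo():
    """Run both checks on constructed input: a directory holding one benign file."""
    with tempfile.TemporaryDirectory() as root:
        benign = os.path.join(root, "notes.txt")
        with open(benign, "wb") as f:
            f.write(b"hello")               # MD5 5D41402ABC4B2A76B9719D911017C592
        return {
            "benign_md5": md5_file(benign),
            "file_hits": scan_tree(root),   # [] unless a listed sample is present
            "domain_hits": find_domains(SAMPLE_MAIL),
        }


if __name__ == "__main__":
    print(demo())
```

Point scan_tree at a user's home directory, browser cache and Java cache to sweep a suspect Mac, and feed find_domains mail bodies or proxy logs; the domain check is the more durable indicator, since a recompiled sample gets a new MD5 but the same infrastructure.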
See yesterday’s Mac related post for Java mitigation tips.