The Latest in IT Security

Malware Targeting Windows and MAC OSX

12
Apr
2012

Malware is getting more and more sophisticated as the days goes by. Windows platform is the usual target for infection of malware authors but this time they add one more target platform, Mac OSX.

Recently, another Tibetan-themed malware has been discovered which takes advantage of a patched Java Vulnerability (CVE-2011-3544).

When a user unknowingly visits malicious website, the attack will start by a script loading the malicious Java applet exploiting (CVE-2011-3544) then it will determine the malicious payload depending on what Operating System the user is using. Using the new variant samples, as you can see in Figure 1, if your OS is Windows the file “img.jar” will be executed and if your OS is Mac OSX the file “ref.jar” will be executed.

[Figure 1 – Source Code of Malicious Java Applet]

The file “img.jar” will drop and execute its payload “file.tmp”. Total Defense detects the payload as Win32/Sasfis.ODF.

The file “ref.jar” will drop and execute its payload “file.tmp”. Total Defense detects the payload as OSX/Olyx.B. Upon execution, it drops a copy of itself as “AudioServer” in /Library/Audio/Plug-Ins/. It then creates “com.apple.DockActions.plist” in the /Library/LaunchAgents/, to ensure that the backdoor is active on the system.

It contacts the remote server “avira.suroot.com”, and it is capable of performing the following commands:

•    Download/Upload files to Command and Center
•    Execute a command using /bin/sh
Ensure that your Java and Total Defense Products are updated with the latest updates at all times.

Leave a reply


Categories

WEDNESDAY, NOVEMBER 13, 2019
WHITE PAPERS

Mission-Critical Broadband – Why Governments Should Partner with Commercial Operators:
Many governments embrace mobile network operator (MNO) networks as ...

ARA at Scale: How to Choose a Solution That Grows With Your Needs:
Application release automation (ARA) tools enable best practices in...

The Multi-Model Database:
Part of the “new normal” where data and cloud applications are ...

Featured

Archives

Latest Comments