And the result?
Our Mac AV blocked the exploit with a generic detection (created Nov. 19th 2012) called: Exploit:Java/Majava.B.
So, how is the sample related? On February 15th, Mac malware samples were shared via a “Mac malware” mailing list. In the follow up discussion, two file hashes were shared, one of which is available via VirusTotal. And that sample turned out to be a Java exploit that drops a Windows backdoor. Brod analyzed the backdoor (detected as Trojan.Generic.8282738) and discovered that it attempts to connect to digitalinsight-ltd.com, one of the sinkholed C&Cs related to Friday’s Mac malware.
Our generic detection, Exploit:Java/Majava.B, is used by our cross-platform antivirus scanning engine, so our Windows customers are protected, too. Our thanks to the analyst who shared the file hash (she knows who she is).
Leave a reply