April 16, 2012 at 3:43 PM ET
A new Trojan known as "Sabpab" could hurt Mac users who run Java and Microsoft Word. Security researchers are warning users to make sure their computers have the latest software updates from both Apple and Microsoft, and to use anti-virus software. In some cases, manual removal of Sabpab may be needed.
Word about Sabpab comes on the heels of another nasty piece of malware, Flashback, that infected as many as 600,000 Macs, security experts said, by exploiting a vulnerability in Java software. Apple last week issued a software-based removal tool for that malware, which can be used by criminals to steal personal information, including passwords.
Both Sophos Security and Kaspersky Lab warned users about Sabpab. One version of the malware takes advantage of the same Java exploit used by Flashback.
The other version of the malware arrives in an email attachment called "10th March Statemnet" (with "statement" misspelled).
"The name of the file ("10th March Statemnet") is directly linked with the Dalai Lama and Tibetan community," said Costin Raiu of Kaspersky Lab. "On March 10, 2011, the Dalai Lama released a special statement related to Anniversary of the Tibetan People’s National Uprising Day -- hence the name."
Says Graham Cluley, senior technology consultant at Sophos:
If you open the boobytrapped Word document on a vulnerable Mac, a version of the OSX/Sabpab Trojan horse gets installed on your computer opening a backdoor for remote hackers to steal information or install further code.
As a decoy, a Word document is dumped onto your drive and displayed -- effectively acting as a camouflage for the Trojan's true intentions.
Mac users, Cluley says, may be caught off guard by the attack, "as there is no prompt to enter your username or password when the malicious software installs itself onto your Mac."
Microsoft released a security update in 2009 for Microsoft Office for Mac users that will take care of another recent crop of malware. "Of course, it would also be sensible to update your installation of Microsoft Word -- as a patch has been available for the vulnerability being exploited here since 2009," says Cluley.
On Monday, Microsoft confirmed that the security update will cover Sabpab.
(Msnbc.com is a joint venture of Microsoft and NBC Universal.)
If you use Norton AntiVirus or Symantec Endpoint Protection for Macintosh, Symantec has more information about how to remove Sabpab.
At this point, while "there is no reason to believe that this attack is widespread, it's clearly time for some people to wake up to the reality of Mac malware," wrote Cluley, and take steps to protect themselves, whether it's with Sophos' software or another company's.
"Mac users -- please get an anti-virus, for goodness sake," added Cluley. "If you don't want to pay for one, there is free anti-virus for Mac home users available for download."
While these recent attacks can be handled, they won't be the last. Dennis Fisher of Kaspersky, in a blog posting last month, wrote, "Welcome to the age of targeted attacks, Mac users. Perhaps having grown tired of owning Windows machines around the world for the last few years, attackers in China now have taken up the challenge of going after Macs with the same kind of targeted attack tactics that have served them so well in the Windows world."