Macs seem to now have a bigger target on their sleek, slim-lined back.
Following the outbreak of the Flashback Mac Trojan, researchers found two more cases of Mac OS X malware. The good news is most users have little reason to worry about them.
Both cases are variants on the same Trojan, called SabPub, said Kaspersky Lab Expert Costin Raiu.
The first variant is Backdoor.OSX.SabPub.a. Like Flashback, this new threat was likely spread through Java exploits on websites, and allows for remote control of affected systems. It came to life one month ago.
This malware isn’t a threat to most users for a few reasons: It seems to have focused on targeted attacks, with links to malicious websites sent via email, and the domain used to fetch instructions for infected Macs shut down, Raiu said.
Furthermore, Apple’s security update for Flashback helps render future Java-based attacks harmless. In addition to removing the Flashback malware, the update automatically deactivates the Java browser plug-in and Java Web Start if they remain unused for 35 days. Users must then manually re-enable Java when they encounter applets on a Web page or a Web Start application.
The second SabPub variant is old-school compared to its sibling. Instead of attacking through malicious Websites, it uses infected Microsoft Word documents as a vector, distributed by email.
Like the other SabPub variant, this one saw use in targeted attacks. With Flashback fresh in users memory and with these malware attacks, it is further evidence Macs aren’t immune to attacks.