
MacControl Trojan Being Used In Targeted Attacks Against OS X Users

Posted by Soulskill
from the thanks-for-waiting-so-patiently dept.
Trailrunner7 writes "Welcome to the age of targeted attacks, Mac users. Perhaps having grown tired of owning Windows machines around the world for the last few years, attackers have now taken up the challenge of going after Macs with the same kind of targeted attack tactics that have served them so well in the Windows world. Researchers have found a new attack that employs two separate pieces of malware, a malicious Word document and some techniques for maintaining persistence on compromised machines, and the campaign is specifically targeted at Mac users. The command-and-control domain involved in the attack is located in China and the attack exploits a three-year-old vulnerability in the way that Office for Mac handles certain Word files, according to researchers at AlienVault, who discovered and analyzed the attacks."

  • by MushMouth (5650) on Wednesday March 28, 2012 @05:34PM (#39502151) Homepage

    Actually this is what you get when you shut/put off updates.

  • Meh? (Score:5, Informative)

    by Anubis IV (1279820) on Wednesday March 28, 2012 @05:38PM (#39502189)

    Macs had a flurry of trojans that hit them last year too. Apple put out the 10.6.8 update that allowed them to deliver daily anti-malware updates, and then used it to block every variant of the trojan within a matter of hours after it first appeared. Since 10.6 or above has been the default on all new Macs for the last 2.5 years, and Software Update is enabled by default to regularly check for updates, you can bet that the vast majority of Mac users will be receiving an automatic anti-malware update sometime later this week or next to deal with the trojan.

  • Re:LoL (Score:5, Informative)

    by lightknight (213164) on Wednesday March 28, 2012 @06:04PM (#39502513) Homepage

    That's quite alright. We find things that target Safari on Windows all the time, so I guess it's more of the same.

  • by Anonymous Coward on Wednesday March 28, 2012 @06:12PM (#39502611)

    Microsoft patched this in 2009

    however this from OO-2 is still unpatched
    http://secunia.com/advisories/38567/

  • by Anonymous Coward on Wednesday March 28, 2012 @09:49PM (#39504501)

    Writing a macro language for your anything that has the ability to silently add/edit the macros in other unrelated documents is just nine kinds of stupid.

    What makes you sure something equivalent couldn't be done with iWork and Applescript? I mean other than iWork's marketshare, of course.

    The fact that you can't embed AppleScript in an iWork document?

  • Re:Microsoft (: (Score:4, Informative)

    by am 2k (217885) on Wednesday March 28, 2012 @10:32PM (#39504777) Homepage

    The new "gatekeeper" feature would be able to lock down MS Word and the worst that could happen is your documents folder is wiped. But since MS Word would never appear on the Mac App Store users would have installed it with unsigned access. Which would only affect their home directory unless they run as Admin.

    Uh, I don't think you know what you're talking about. Gatekeeper is a new thing in 10.8, which only allows stuff that's signed either with an App Store certificate or a Mac developer certificate. It doesn't handle file access at all.

    Sandboxing (new in 10.7) limits file (and other device) access to only certain areas, but the documents folder is usually off limits.

    If Word would use a Mac developer certificate, starting in 10.8 Apple could pull the kill switch and the application would not launch on any Mac any more. However, that's quite a drastic step and would probably not be done in this case for such a widely-deployed piece of software.
