IT security and data protection firm Sophos has identified a new malware attack that is targeting Mac and Windows computers. This attack is exploiting the Java security vulnerability that allowed the ‘Flashback’ botnet to commandeer 600,000 Macs in April 2012. Internet users who visit compromised web pages may find themselves at risk of infection via a Java exploit that downloads malicious software onto their computer.
Patches for the Java vulnerability have been available since February 14, for Windows, Linux and Unix computers, and since early April for Macs. However, if users have not yet patched their computer, they are still at risk of attack. This malware attack exploits the Java vulnerability to download further malicious code on to the computer. These downloaded programmes will then install further malicious code, decrypting either a Python script that acts as a Mac OS X backdoor, or downloading a backdoor Trojan for Windows. This attack will allow remote hackers to take control of the Mac or PC by secretly sending and running commands, uploading code and stealing files without the user’s knowledge.
“This attack is quite different from the earlier Flashback attack, and may indicate that other cybercriminal gangs are exploring the possibilities of infecting Macs,” said Graham Cluley, senior technology consultant at Sophos. “Certainly, whoever wrote the script has left a clue that they may be planning to make developments to their code in the future. Malware authors have woken up to the fact that Mac owners are in fact soft targets, as many users still believe that their beloved Macs are immune.”
“Although Windows users are generally pretty good at running anti-virus protection, Mac users are only just waking up to the need,” continued Cluley. “Up-to-date anti-virus and security patches are essential, for both Mac and Windows users, and it’s time that Mac users become responsible members of the internet community, as this is no longer just a problem for Windows.”
More information, including images, can be found on the Sophos Naked Security website.
