Fresh Malware for OS X Abusing Ancient Office Flaw
Researchers from AlienVault Labs say they have just discovered an OS X malicious program that abuses an already-patched security flaw in Microsoft Office running on Macs to install command-and-control (C&C) malware on Apple computers, LIVE HACKING reported on March 28, 2012.
AlienVault reports that the security flaw was patched in June 2009, when it affected Mac Office 2004 (all editions up to 11.5.4), Mac Office 2008 (all editions up to 12.1.8), and OpenXML Converter (all editions up to 1.0.2).
Moreover, no time was lost after the flaw's discovery; however, the subsequent supported Office applications are presently not addressed by the update. Creators of malicious software are therefore looking to abuse unpatched computers, which indicates the unprecedented use of Office files to carry out attacks on OS X.
The researchers also state that the Tibet.A Trojan is attacking users of both Mac OS and Windows systems.
To infect a system, the end user must be made to click on a maliciously crafted Word file while the Word software on the Mac is unpatched. A script is then generated that saves the malicious program to the computer's hard disk, and executing the program completes the infection. The implanted program then attempts to communicate with a China-based C&C server, whose commands to the infected computer enable the remote attacker to gain control of the system. The attacker can then install more malware; view, modify, or erase data; and/or set up new accounts. However, if Word is run from a standard user account, as is the case for most Mac users, the attackers get only limited control over the machine.
AlienVault suspects that the current attack may be associated with the same group that, for the time being, appears to be targeting NGOs in Tibet.
Like the recent attempts by Flashback and Tibet to install malware by exploiting old Java vulnerabilities, the new malware once again underscores the importance of deploying the most recent software updates and security patches on one's computer.
Accordingly, all users are advised to keep their Mac systems up to date by deploying automatic software updates sourced from reliable anti-malware firms.
» SPAMfighter News - 05-04-2012