Caretower provides the latest products of Sophos
A new malware attack is targeting computers running Mac OS and Windows, according to security
The attack exploits the same Java security vulnerability that allowed the Flashback
botnet to capture more than 600,000 Macs in April.
Mac and PC users who have not patched their computers are at risk of infection if they visit
compromised web pages, Sophos said.
Patches for the Java vulnerability have been available since 14 February for Windows, Linux and
Unix computers, and since early April for Macs. Apple
was criticised for its slow response to the Flashback Trojan.
The malware exploits a Java vulnerability to download further malicious code on to the computer
that either decrypts a Python script that acts as a Mac OS X backdoor, or downloads a backdoor
Trojan for Windows.
This attack will allow remote hackers to take control of the Mac or PC by secretly sending and
running commands, uploading code and stealing files without the user’s knowledge.
“This attack is quite different from the earlier Flashback attack, and may indicate that other
cyber criminal gangs are exploring the possibilities of infecting Macs,” said Graham Cluley, senior
technology consultant at Sophos.
“Certainly, whoever wrote the script has left a clue that they may be planning to make
developments to their code in the future. Malware authors have woken up to the fact that Mac owners
are in fact soft targets, as many users still believe that their beloved Macs are immune,” he
Up-to-date anti-virus and security patches are essential, for both Mac and Windows users, said
Cluley. “It’s time that Mac users become responsible members of the internet community, as this is
no longer just a problem for Windows,” he said.