mercoledì 18 aprile 2012

Virus for Mac: After Flashback, SabPub is threatening the operating system

The trojan is considered very sophisticated and allows maximum freedom of action on the infected machine. Appeared in February of this year, has been identified only a few days ago. After Flashback, the Trojans managed to spread to more than 600 thousand Macs in the U.S. and Canada, a new alarm arrives for Apple users. The discovery is Kaspersky Labs, specializing in security software, that have identified and studied SabPub, another virus that could compromise the integrity of the operating system. According to the initial analysis, its dangerousness is higher than that of Flashback. The trojan was in fact listed as Apt (Advanced Persistent Threat, ed), an acronym used to describe malware that use very sophisticated techniques (and effective) to allow the author maximum freedom of action on the infected machine. According to blog analysts Kaspersky, the virus uses a vulnerability in the Java Virtual Machine installed on your computer and secure a backdoor, or a link to "hidden" author of the virus that allows access to the computer. During the analysis, performed through the use of a "guinea pig", security experts have recorded the activity of the virus by holding it under control for several hours. The type of actions performed, by scanning documents stored in memory to copy some of them, suggests an attack carried out manually by the author of the trojan. It is, therefore, a threat far more serious Flashback though now has a reduced spread and type of activity recorded suggests it is a tool to attack very "targeted". The caution, however, in these cases, is a must: The notorious Flashback had been identified in advance, ie in September 2011, but this did not prevent infection of the boom at the end of March 2012. One of the most disturbing, however, concerns the longevity of SabPub. The first version, according to the analysis of computer scientists and Igor Aleks Gostev Soumenkov, would have appeared as early as February of this year, but its detection was possible only a few days ago. A "black hole" that would normally be unthinkable, since the virus can become laboratories to detect malware normal within hours of birth. There are many doubts about the vehicle of infection. One of the possible techniques is one that uses a vulnerability related to the conversion of Word documents, but there is also the possibility of sending emails that contain links to two Web sites hosted in the U.S. and Germany which would contain the virus. According to Gostev, the appearance of SabPub confirms a trend of growth in malware for Apple computers. If up to 2012 Kaspersky labs have ranked just over 300 threats for Mac, the first 3 months of the year are already 70 new variants appeared. "The appearance of this trojan once again demonstrates that there are software environments invulnerable. The relatively low number of malware for Mac OS X is not a sign of greater security of these systems. " With the increasing popularity of Apple computers, on the other hand, the growth of attacks that is more predictable. According to Costin RAIU, another analyst Kaspersky, it is likely that this situation will worsen in the coming months, taking advantage of "the poor level of software upgrades and the lack of attention from users". From di Marco Schiaffino

Nessun commento:

Posta un commento