Over the last year, SophosLabs has talked about attacks against minority groups in China that use old vulnerabilities in Microsoft Office for which patches have long been available.
We have seen several attacks in the past.
Earlier this week, the folks at AlienVault saw another attack using the same vulnerability in Office products on Mac OS X, targeting the Uyghur people of East Turkestan.
The vulnerability, known as MS09-027, was patched by Microsoft back in June 2009, and allowed remote code execution in Microsoft Word.
That means simply opening a booby-trapped Word document on an unpatched computer could run malicious code on your Mac. While you are distracted reading the contents of the Word file, malware is being invisibly and silently installed onto your computer.
Many Mac users might cling to the hope that their operating system will ask for an administrator's username and password before installing any software. With an attack like this you won't see any such prompt: it is a userland Trojan, and installing it does not require administrator credentials.
This is because neither the /tmp/ nor /$HOME/Library/LaunchAgents folders on Mac OS X require root privileges. Software applications can run in userland with no difficulties, and even open up network sockets to transfer data.
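As an added defensive example (not code from the Sophos post or from the malware it describes), here is a small Python audit for the persistence pattern just described: a per-user LaunchAgent plist that auto-starts a shell script dropped in /tmp. The sample plists are constructed and the label names are hypothetical.

```python
import os
import plistlib
from typing import Dict, List

# Constructed sample LaunchAgent plists (hypothetical labels, not real indicators).
SAMPLE_AGENTS: Dict[str, bytes] = {
    "com.example.legit.plist": b"""<?xml version="1.0" encoding="UTF-8"?>
<plist version="1.0"><dict>
  <key>Label</key><string>com.example.legit</string>
  <key>ProgramArguments</key><array>
    <string>/Applications/Example.app/Contents/MacOS/helper</string></array>
  <key>RunAtLoad</key><true/>
</dict></plist>""",
    "com.example.update.plist": b"""<?xml version="1.0" encoding="UTF-8"?>
<plist version="1.0"><dict>
  <key>Label</key><string>com.example.update</string>
  <key>ProgramArguments</key><array>
    <string>/bin/sh</string><string>/tmp/.update.sh</string></array>
  <key>RunAtLoad</key><true/>
  <key>KeepAlive</key><true/>
</dict></plist>""",
}

# Locations a legitimate login item has no business launching from.
TEMP_DIRS = ("/tmp/", "/var/tmp/", "/private/tmp/")


def agent_findings(plist_bytes: bytes) -> List[str]:
    """Return reasons a LaunchAgent plist looks suspicious (empty list if none)."""
    data = plistlib.loads(plist_bytes)
    args = data.get("ProgramArguments") or ([data["Program"]] if "Program" in data else [])
    reasons = []
    for arg in args:
        if arg.startswith(TEMP_DIRS):
            reasons.append(f"launches from a temp directory: {arg}")
        if arg.endswith(".sh") or os.path.basename(arg).startswith("."):
            reasons.append(f"shell script or hidden file: {arg}")
    if reasons and data.get("RunAtLoad"):
        reasons.append("auto-starts at every login (RunAtLoad)")
    return reasons


def audit(agents: Dict[str, bytes]) -> Dict[str, List[str]]:
    """Map each suspicious plist name to its findings; clean agents are omitted."""
    return {name: agent_findings(raw) for name, raw in agents.items() if agent_findings(raw)}


def audit_dir(path: str = os.path.expanduser("~/Library/LaunchAgents")) -> Dict[str, List[str]]:
    """Run the same check over the real per-user LaunchAgents folder, if present."""
    if not os.path.isdir(path):
        return {}
    files = [f for f in os.listdir(path) if f.endswith(".plist")]
    return audit({f: open(os.path.join(path, f), "rb").read() for f in files})
```

Running `audit(SAMPLE_AGENTS)` flags only the second plist; `audit_dir()` applies the same rules to the current user's LaunchAgents folder.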
Sophos products detect the malicious documents as Troj/DocOSXDr-B and the dropped malware as the Mac Trojan horse OSX/Agent-AADL.
OSX/Agent-AADL obviously went through some development during this campaign because we saw three distinct versions. The first was the most interesting:
In later versions of the Trojan, the function and variable names were stripped out and the shell script filenames were further hidden/obfuscated.
Once again, Mac users need to remember to not be complacent about the security of their computers. Although there is much less malware for Mac than there is for Windows, that is going to be no compensation if you happen to be targeted by an attack like this.
Mac users, just like Windows users, need to pay attention to the latest security patches and ensure that their software is kept properly up-to-date.
If you’re not already doing so, run anti-virus software on your Macs. If you’re a home user, there really is no excuse at all as we offer a free anti-virus for Mac consumers.
easy, don't use microsoft programs in your mac 🙂
Nice try at another typical Sophos anti-Mac FUD article, but considering that only three people in all of China can afford a Mac, it isn't really an issue.
Better luck next time.
Not sure if you're trying to insult China, for being poor; Apple, for having products that are too expensive for China; or the author of this article, for failing to notice one or both of the previous facts.
Interestingly, a survey I read somewhere (take it, indeed, with a grain of salt, but it seems it was a real survey of 1500+ randomly selected consumers in China) from late 2011 that reported that 5% of laptops sold in China are Macs, and that 20% of respondents "were considering Macs" for their next laptop purchase.
If, as you say, there are three Macs in China, and that's 5% of the laptops in total, then, hey, there are 60 laptops in all of China…which sounds, ah, a trifle on the low side, wouldn't you say?
Grimace<
Where have you been? China is loaded with money, and yes, it has seeped down to the mid masses. With a couple billion people, you think only a couple thousand have money? It's bad there, but not that bad. It is not North Korea. Here is a link to an Apple store in China built out of bamboo and rice paddy plants.
http://micgadget.com/31940/chengdus-apple-store-is-now-the-major-hub-for-apple-in-china-video/