China targets macs used by NGOs

From Botnets.fr


Botnet: Ghostnet
Malware: Olyx.B, Poison.CE
Botnet/malware group:
Exploit kits:
Services:
Feature:
Distribution vector:
Target:
Origin:
Campaign:
Operation/Working group:
Vulnerability:
CCProtocol:
Date: 2012 / March 30 2012
Editor/Conference: F-Secure
Link: http://www.f-secure.com/weblog/archives/00002334.html (Archive copy)
Author:
Type:

Abstract

A new Mac backdoor exploiting CVE-2011-3544 (a Java vulnerability) is being reported. The backdoor appears to be connected to GhostNet. The malware is being used in targeted attacks against non-governmental organizations (NGO).

Greg Walton published details of targeted mails sent to NGOs related to Tibet. The message contains a link to: dns.assyra.com. Read more from Walton here. AlienVault Labs has posted a technical report.

Based on today's news, Brod, one of our Mac malware analysts, remembered this post by Microsoft: Backdoor Olyx – is it malware on a mission for Mac? The post is about a similarly themed attack targeting both Mac and Windows users last July.

We detect these new threats as:

Exploit:Java/CVE-2011-3544.E — MD5: 6C8F0C055431808C1DF746F9D4BB8CB5, MD5: 453A3DC32E2FAFD39F837A1EBE62CA80
Backdoor:OSX/Olyx.B — MD5: 39084b60790ca3fdebe1cd93a4764819
Backdoor:W32/Poison.CE — MD5: 7F7CBC62C56AEC9CB351B6C1B1926265

See yesterday's Mac related post for Java mitigation tips.

Bibtex

 @misc{2012BFR948,
   editor = {F-Secure},
   author = {},
   title = {China targets macs used by NGOs},
   day = {30},
   month = mar,
   year = {2012},
   howpublished = {\url{http://www.f-secure.com/weblog/archives/00002334.html}},
 }