China targets macs used by NGOs
(Publication)
| China targets macs used by NGOs | |
|---|---|
| Botnet | Ghostnet |
| Malware | Olyx.B, Poison.CE |
| Botnet/malware group | |
| Exploit kits | |
| Services | |
| Feature | |
| Distribution vector | |
| Target | |
| Origin | |
| Campaign | |
| Operation/Working group | |
| Vulnerability | |
| CCProtocol | |
| Date | 2012 / March 30 2012 |
| Editor/Conference | F-Secure |
| Link | http://www.f-secure.com/weblog/archives/00002334.html (Archive copy) |
| Author | |
| Type | |
Abstract
“ A new Mac backdoor exploiting CVE-2011-3544 (a Java vulnerability) is being reported. The backdoor appears to be connected to GhostNet. The malware is being used in targeted attacks against non-governmental organizations (NGO).
Greg Walton published details of targeted mails sent to NGOs related to Tibet. The message contains a link to: dns.assyra.com. Read more from Walton here. AlienVault Labs has posted a technical report.
Based on today's news, Brod, one of our Mac malware analysts, remembered this post by Microsoft: Backdoor Olyx – is it malware on a mission for Mac? The post is about a similarly themed attack targeting both Mac and Windows users last July.
We detect these new threats as:
- Exploit:Java/CVE-2011-3544.E — MD5: 6C8F0C055431808C1DF746F9D4BB8CB5, MD5: 453A3DC32E2FAFD39F837A1EBE62CA80
- Backdoor:OSX/Olyx.B — MD5: 39084b60790ca3fdebe1cd93a4764819
- Backdoor:W32/Poison.CE — MD5: 7F7CBC62C56AEC9CB351B6C1B1926265

See yesterday's Mac related post for Java mitigation tips. ”
Bibtex
@misc{2012BFR948,
  editor = {F-Secure},
  author = {},
  title = {China targets macs used by NGOs},
  date = {30},
  month = Mar,
  year = {2012},
  howpublished = {\url{http://www.f-secure.com/weblog/archives/00002334.html}},
}