China targets macs used by NGOs

From Botnets.fr
Jump to navigation Jump to search

(Publication) Link to the old Wiki page : [1] / Google search: [2]

China targets macs used by NGOs
Botnet Ghostnet
Malware Olyx.B, Poison.CE
Botnet/malware group
Exploit kits
Services
Feature
Distribution vector
Target
Origin
Campaign
Operation/Working group
Vulnerability
CCProtocol
Date 2012 / March 30 2012
Editor/Conference F-Secure
Link http://www.f-secure.com/weblog/archives/00002334.html (Archive copy)
Author
Type

Abstract

A new Mac backdoor exploiting CVE-2011-3544 (a Java vulnerability) is being reported. The backdoor appears to be connected to GhostNet. The malware is being used in targeted attacks against non-governmental organizations (NGO).

Greg Walton published details of targeted mails sent to NGOs related to Tibet. The message contains a link to: dns.assyra.com. Read more from Walton here. AlienVault Labs has posted a technical report.

Based on today's news, Brod, one of our Mac malware analysts, remembered this post by Microsoft: Backdoor Olyx – is it malware on a mission for Mac? The post is about a similarly themed attack targeting both Mac and Windows users last July.

We detect these new threats as:

Exploit:Java/CVE-2011-3544.E — MD5: 6C8F0C055431808C1DF746F9D4BB8CB5, MD5: 453A3DC32E2FAFD39F837A1EBE62CA80 Backdoor:OSX/Olyx.B — MD5: 39084b60790ca3fdebe1cd93a4764819 Backdoor:W32/Poison.CE — MD5: 7F7CBC62C56AEC9CB351B6C1B1926265

See yesterday's Mac related post for Java mitigation tips.

Bibtex

 @misc{2012BFR948,
   editor = {F-Secure},
   author = {},
   title = {China targets macs used by NGOs},
   date = {30},
   month = Mar,
   year = {2012},
   howpublished = {\url{http://www.f-secure.com/weblog/archives/00002334.html}},
 }