The Mac OS X Trojan called Sabpab has been updated. It seems that it’s exploiting malformed Word .doc files while some time ago it was only relying on Java vulnerabilities. A user gets infected when it opens a booby-trapped Word document on a vulnerable Mac. When OSX/Sabpab is in your system, it is opening a backdoor for hackers to steal your information and control Mac remotely, without user notice.
The worst thing is that this little piece of spyware doesn’t need to get permissions from user – no prompt pops up to enter your username and password. Mac users might not even know that they have it in their computers. However, those attacks exploit a known security hole in Word (MS09-027). It’s not the first time cybercriminals use this technique of infecting mac users.
This type of Sabpab Trojan seems not to be using Java vulnerability that was exploited by the Flashback botnet. So people who are not using Java applets and who believe that they are protected – should also check their Mac.
There’s no reason to think that this attack is widespread, however, it’s another rock to thrown to Apple’s headquarters. The myth about virus-free mac seems to be explained as not true. If you want to know if your mac is infected with this malicious Trojan, follow one of these guides:
?€¢ Check this folder: ~/Library/Preferences/ if there’s a file called com.apple.PubSab.plist (Don’t mix it up with com.apple.PubSub.plist – this one is OK)
?€¢ Download an anti-virus program. If you don’t want to pay for one, you can find one for free here: Free Mac AV.
Also, if you didn’t do that till now – update your installation of Microsoft Word. A patch for this vulnerability was released in 2009. To make sure you have the latest version of the office suite, choose the “Check for updates” option on the “Help” menu.