The pristine image of Macs was shattered recently by the Flashback Trojan that had infected 650,000 machines and now researchers have discovered two other variants of the Trojan that could potentially infect even more Mac computers. One is a variant of the Backdoor.OSX.SabPub.a, or simply SabPub, that also exploits a Java vulnerability, while the other attacks via Microsoft Word documents.
Anti-virus firm Kaspersky Lab identified the two variants, explaining that the SabPub Trojans are quite different from the Flashback variants. “SabPub is classic backdoor Trojan, so it opens full access to a victim’s system for attackers. Flashback and its known variants is downloader and clickjacking bot, which means it conducts click fraud scam by hijacking people’s search engine results inside their web browsers,” said Kaspersky Lab chief security expert Alex Gostev.
Gostev noted that the SabPub could potentially infect more machines than Flashback, especially since the second variant doesn’t take advantage of the Java vulnerability, which has now been patched. Instead, it infects machines through Microsoft Word documents distributed by email. However, the SabPub Trojans have so far been limited to targeted attacks.