NEWS FROM THE LAB - Tuesday, March 20, 2012

China Targets Macs Used by NGOs #Tibet Posted by Sean @ 15:20 GMT

A new Mac backdoor exploiting CVE-2011-3544 (a Java vulnerability) is being reported. The backdoor appears to be connected to GhostNet. The malware is being used in targeted attacks against non-governmental organizations (NGO).

Greg Walton published details of targeted mails sent to NGOs related to Tibet. The message contains a link to: dns.assyra.com. Read more from Walton here. AlienVault Labs has posted a technical report.

Based on today's news, Brod, one of our Mac malware analysts, remembered this post by Microsoft: Backdoor Olyx – is it malware on a mission for Mac? The post is about a similarly themed attack targeting both Mac and Windows users last July.

We detect these new threats as:

Exploit:Java/CVE-2011-3544.E — MD5: 6C8F0C055431808C1DF746F9D4BB8CB5, MD5: 453A3DC32E2FAFD39F837A1EBE62CA80
Backdoor:OSX/Olyx.B — MD5: 39084b60790ca3fdebe1cd93a4764819
Backdoor:W32/Poison.CE — MD5: 7F7CBC62C56AEC9CB351B6C1B1926265

See yesterday's Mac related post for Java mitigation tips.