NEWS FROM THE LAB - Friday, February 22, 2013

Our Mac Antivirus Blocks Java Exploits
Posted by Sean @ 10:35 GMT

Yesterday, two of our analysts, Brod and Timo, tested a Java exploit related to the Facebook/Apple hack against our Anti-Virus for Mac.

And the result?

Our Mac AV blocked the exploit with a generic detection (created Nov. 19th 2012) called: Exploit:Java/Majava.B.

2013-02-21 Exploit:Java/Majava.B


So, how is the sample related? On February 15th, Mac malware samples were shared via a "Mac malware" mailing list. In the follow-up discussion, two file hashes were shared, one of which is available via VirusTotal. And that sample turned out to be a Java exploit that drops a Windows backdoor. Brod analyzed the backdoor (detected as Trojan.Generic.8282738) and discovered that it attempts to connect to digitalinsight-ltd.com, one of the sinkholed C&Cs related to Friday's Mac malware.

Our generic detection, Exploit:Java/Majava.B, is used by our cross-platform antivirus scanning engine, so our Windows customers are protected, too. Our thanks to the analyst who shared the file hash (she knows who she is).