New Mac trojan found to exploit same Java weakness as 'Flashback'

Posted in General Discussion, edited January 2014
A new piece of malware that takes advantage of a well-documented Java vulnerability has been found on a website dedicated to the Dalai Lama, with the trojan able to install itself on an unwitting Mac user's computer to capture keystrokes and other sensitive data.

[Image: Dockster] Screenshot from a Google cache of the gyalwarinpoche.com webpage. Source: F-Secure


Dubbed "Dockster," the malware was first found by antivirus and security firm Intego to have been uploaded to the VirusTotal detection service on Nov. 30. At the time of its discovery, the remote address associated with the trojan was not active, possibly indicating that the code's creators were testing whether it would be detected, but as of this writing the malicious code is now "in the wild."

As noted in a separate report from F-Secure (via ArsTechnica), the backdoor trojan is now operating on an unofficial Dalai Lama webpage called gyalwarinpoche.com (do not visit as site still contains malware) and acts on the same operational principle as the Flashback exploit from September 2011. Dockster leverages the same Java vulnerability to drop the backdoor onto a Mac, which then executes code to create an agent that feeds keylogs and other sensitive information to an off-site server.

In the case of Flashback, which was also discovered by Intego, a reported 600,000 Macs were affected before both Apple and Oracle released Java patches to remove the malware and protect against future attacks.

Although the newly found Dockster takes advantage of an already fixed weakness, users who haven't yet updated their Macs or are running older software may still be at risk.
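The article says the backdoor, once dropped, "creates an agent" on the Mac that keeps running and sends data off-site. On macOS that kind of persistence usually means a LaunchAgent property list, so a responder's first triage step is to read the plists in the LaunchAgents folders and look at what they launch. The script below is an added example written for this page; it is not code from the article, F-Secure or Intego, and it knows nothing about Dockster's actual file names. The two plists embedded in it are constructed samples, and the heuristics (programs under temp or shared directories, hidden path components, an interpreter fed an inline script) are the author's assumptions about what deserves a second look, not a signature for this trojan.

```python
"""Triage macOS LaunchAgent plists for suspicious persistence entries.

Added example, not from the article or the vendors it cites. Parses
LaunchAgent property lists with the standard library and reports the
ones a responder would examine first. Heuristics are assumptions.
"""
import plistlib
from typing import Optional

# Paths a legitimate login agent rarely runs from (assumption).
TEMP_PREFIXES = ("/tmp/", "/var/tmp/", "/private/tmp/", "/Users/Shared/")
# Interpreters that, combined with -c/-e, hide the real payload inline.
INTERPRETERS = ("/bin/sh", "/bin/bash", "/bin/zsh", "/usr/bin/python",
                "/usr/bin/perl", "/usr/bin/osascript")


def program_path(plist: dict) -> Optional[str]:
    """Return the executable a LaunchAgent runs (Program or ProgramArguments[0])."""
    if isinstance(plist.get("Program"), str):
        return plist["Program"]
    args = plist.get("ProgramArguments")
    if isinstance(args, list) and args and isinstance(args[0], str):
        return args[0]
    return None


def triage(plist_bytes: bytes) -> dict:
    """Parse one plist and return label, program, persistence flag and reasons.

    Never raises: malformed input is itself reported as a reason.
    """
    findings = {"label": None, "program": None, "persistent": False, "reasons": []}
    try:
        plist = plistlib.loads(plist_bytes)  # handles XML and binary plists
    except Exception as exc:
        findings["reasons"].append("unparseable plist: " + exc.__class__.__name__)
        return findings
    if not isinstance(plist, dict):
        findings["reasons"].append("top-level object is not a dict")
        return findings
    findings["label"] = plist.get("Label")
    # RunAtLoad + KeepAlive means launchd restarts the program if it dies;
    # common for legitimate agents too, so it is a note, not a reason.
    findings["persistent"] = bool(plist.get("RunAtLoad")) and bool(plist.get("KeepAlive"))
    prog = program_path(plist)
    findings["program"] = prog
    if prog is None:
        findings["reasons"].append("no Program/ProgramArguments key")
        return findings
    if prog.startswith(TEMP_PREFIXES):
        findings["reasons"].append("runs from a temp or shared directory")
    if any(part.startswith(".") for part in prog.split("/") if part):
        findings["reasons"].append("hidden path component")
    args = plist.get("ProgramArguments") or []
    if prog.startswith(INTERPRETERS) and any(a in ("-c", "-e") for a in args[1:]):
        findings["reasons"].append("interpreter with inline script")
    return findings


def is_suspicious(plist_bytes: bytes) -> bool:
    """True when triage() found at least one reason to look closer."""
    return bool(triage(plist_bytes)["reasons"])


# Constructed sample plists (not real artifacts): one ordinary updater agent,
# one shaped like a dropped backdoor hiding under /Users/Shared.
BENIGN = b"""<?xml version="1.0" encoding="UTF-8"?>
<plist version="1.0"><dict>
  <key>Label</key><string>com.example.updater</string>
  <key>ProgramArguments</key>
  <array><string>/Applications/Example.app/Contents/MacOS/updater</string></array>
  <key>RunAtLoad</key><true/>
</dict></plist>"""

SUSPECT = b"""<?xml version="1.0" encoding="UTF-8"?>
<plist version="1.0"><dict>
  <key>Label</key><string>com.apple.fakeagent</string>
  <key>ProgramArguments</key>
  <array><string>/Users/Shared/.cache/.agent</string><string>-d</string></array>
  <key>RunAtLoad</key><true/>
  <key>KeepAlive</key><true/>
</dict></plist>"""


if __name__ == "__main__":
    import glob
    import os
    import sys
    # With no arguments, scan the current user's LaunchAgents folder.
    paths = sys.argv[1:] or glob.glob(os.path.expanduser("~/Library/LaunchAgents/*.plist"))
    for path in paths:
        with open(path, "rb") as fh:
            f = triage(fh.read())
        flag = "SUSPECT" if f["reasons"] else "ok"
        print(f"{flag:7} {path} label={f['label']} program={f['program']} "
              f"persistent={f['persistent']} reasons={f['reasons']}")
```

Run it with no arguments to scan `~/Library/LaunchAgents`, or pass plist paths (for example from `/Library/LaunchAgents` and `/Library/LaunchDaemons`) explicitly. A hit is a prompt to inspect the binary and its network behaviour, not a verdict: legitimate software occasionally installs agents under unusual paths, and a backdoor can just as easily copy a plausible-looking name into a normal location, which is why the script also reports the launched program for every entry rather than only the flagged ones.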

Comments

  • Reply 1 of 23
    [image]

  • Reply 2 of 23
    Apple really needs to release a tool for novice owners that removes Java completely from the OS and modifies Software Update to not reinstall it.

  • Reply 3 of 23
    They already did that.

  • Reply 4 of 23
    Quote: Originally Posted by Brian Jojade
    They already did that.

    If you are replying to my comment about uninstalling Java, no, Apple hasn't done that.

    I think you are confused with the update to remove the Java web plug-in.

  • Reply 5 of 23
    Tallest Skil, thanks for the screen shot. Any screen shots for the other popular browsers (FF and Chrome)?
  • Reply 6 of 23
    Another very poorly written and edited article.

    For example, is the remote server now on line? That's not clear.
  • Reply 7 of 23
    Quote: Originally Posted by scalpernt
    Tallest Skil, thanks for the screen shot. Any screen shots for the other popular browsers (FF and Chrome)?

    Yep. Man, these are unnecessarily complex, aren't they?

    Chrome:
    [image]

    Firefox:
    [image]

    Thanks to the Mac|Life page (from two years ago) for these.

  • Reply 8 of 23
    sockrolid Posts: 2,789 member
    Just had an awesome idea. What if you're a well-known anti-virus software maker and you want to drum up business. What to do? What to do?

    AHA! Wouldn't it make sense to write viruses, distribute them as widely as possible, then alert the unwashed masses to the new threat? You know, so you look like a hero and all.

    OMG. I sure hope those anti-virus software makers aren't reading this forum.
    What have I DONE!???
  • Reply 9 of 23
    john.b Posts: 2,740 member
    I finally decided it was time to just remove Java from all my computers.

  • Reply 10 of 23
    Quote: Originally Posted by SockRolid
    OMG. I sure hope those anti-virus software makers aren't reading this forum.
    What have I DONE!???

    Don't worry. They've had that idea before.

  • Reply 11 of 23
    bigmac2 Posts: 639 member
    Yet another reason to stay away from Java.

    Served me since 1998....

  • Reply 12 of 23
    quadra 610 Posts: 6,756 member
    I can totally deal with an additional trojan every year.

    What are we up to now? 6?

    But if you're already enjoying iOS for a lot of your surfing, you can dial that number back down to 0.

  • Reply 13 of 23
    aaarrrgggh Posts: 1,608 member
    john.b wrote: »
    I finally decided it was time to just remove Java from all my computers.

    I did that for about a month... then I realized I needed it to administer our firewall. There are some things you are stuck with Java for; I compartmentalize things into isolated VMs where it is practical, but there is only so much you can do.

    The average user though... dump it and don't look back. I killed Flash too...
  • Reply 14 of 23
    MacPro Posts: 19,379 member
    sockrolid wrote: »
    Just had an awesome idea. What if you're a well-known anti-virus software maker and you want to drum up business. What to do? What to do?
    AHA! Wouldn't it make sense to write viruses, distribute them as widely as possible, then alert the unwashed masses to the new threat? You know, so you look like a hero and all.
    OMG. I sure hope those anti-virus software makers aren't reading this forum.
    What have I DONE!???

    Then I'd have to kill you ....
  • Reply 15 of 23
    charlituna Posts: 7,217 member
    Apple really needs to release a tool for novice owners that removes Java completely from the OS and modifies Software Update to not reinstall it.

    They did one better. They stopped installing it at all.

    Trouble is that folks do it on their own and then don't update it properly because it's not in Software Update.
  • Reply 16 of 23
    charlituna Posts: 7,217 member
    sockrolid wrote: »
    Just had an awesome idea. What if you're a well-known anti-virus software maker and you want to drum up business.

    Old trick. Old paranoia.
  • Reply 17 of 23
    winter Posts: 1,238 member
    I go to one chat that still uses Java once a week through Safari. I just disabled Java, though if I enable Java temporarily, am I at risk? Just curious.
  • Reply 18 of 23
    @john.b : don't forget to cut it off the Internet, shut it down, remove the CPU and melt it in a fire. You never know.

    Reminder to anyone with a brain: Java is a great language, that still represents a threat to Microsoft's .Net (you know, that huge reason why the Mac doesn't make it much to the Enterprise World). Java also means portability, which makes it a threat to Apple's AppStore.

    I don't want a world where Apple prevents the base user from installing whatever it wants and you can't run whatever you decide to run (right now, you actually need to command click before you run "external party" software!)

    Apple's behaving (in the interest of the user, yeah right, IE6 powers the average user to the Interwebs, in other news) in a very scary way, and it's our call to tell them that the boundary lies here. I want more Macs. I don't want Macs that are limited computers, I have iPads for that purpose.
  • Reply 19 of 23
  • Reply 20 of 23
    hill60 Posts: 6,992 member
    Quote: Originally Posted by lightknight
    @john.b : don't forget to cut it off the Internet, shut it down, remove the CPU and melt it in a fire. You never know.

    Reminder to anyone with a brain: Java is a great language, that still represents a threat to Microsoft's .Net (you know, that huge reason why the Mac doesn't make it much to the Enterprise World). Java also means portability, which makes it a threat to Apple's AppStore.

    I don't want a world where Apple prevents the base user from installing whatever it wants and you can't run whatever you decide to run (right now, you actually need to command click before you run "external party" software!)

    Apple's behaving (in the interest of the user, yeah right, IE6 powers the average user to the Interwebs, in other news) in a very scary way, and it's our call to tell them that the boundary lies here. I want more Macs. I don't want Macs that are limited computers, I have iPads for that purpose.

    Don't worry dude, you are still free to install Trojans.
