
Microsoft Detects New Malware Attacking Mac OS X

By - Source: Microsoft | 57 comments

A new piece of malware is attacking Mac OS X because users haven't updated Microsoft Office.

Jeong Wook Oh of Microsoft's Malware Protection Center reports that his team has come across a new piece of malware targeting Apple OS X computers. It exploits a remote code execution vulnerability in the Office productivity suite that Microsoft patched back in June 2009 (MS09-027). Almost three years later, not all machines have the patch installed, which is what lets this new hacker tool spread.

"The vulnerability is a stack-based buffer overflow - the attack code could corrupt variables and return addresses located on the stack," Oh wrote. "As we analyzed the malware, we found that the malware author managed to corrupt a local variable and used that corrupted variable to deploy 'stage 1' shellcode to a designated area. This corrupted variable is later used for a target address and is where the stage 1 shellcode is copied. The corrupted return address points to this target address as well."
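The pattern Oh describes, reduced to a small C illustration (an added example, not code from Microsoft's analysis or from the affected Office component; the record layout and function names are assumptions): a trusted length field lets a copy run past a fixed stack buffer into a neighbouring local pointer, which is then used as the destination of a second copy, shown beside the bounds-checked version that closes the hole.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>
/* Constructed record layout for this demo (an assumption, not the Office format):
 * byte 0 = declared payload length n, bytes 1..n = payload.                      */
#define NAME_MAX 16
/* Vulnerable pattern from the quoted analysis: the declared length is trusted, so
 * n > NAME_MAX overruns `name` into neighbouring stack slots such as `dest`, and the
 * corrupted `dest` becomes the target address of the next copy. Shown for contrast
 * only; calling it with n > NAME_MAX is undefined behaviour.                      */
int parse_record_unsafe(const uint8_t *rec, size_t rec_len, char *out, size_t out_len)
{
    char name[NAME_MAX]; size_t n;
    char *dest = out;                /* local pointer that may sit next to `name` */
    if (rec_len < 1 || out_len < 1) return -1;
    n = rec[0];
    if (rec_len < 1 + n) return -1;  /* validates the input length, not the buffer */
    memcpy(name, rec + 1, n);        /* BUG: n is never compared against NAME_MAX  */
    if (n > out_len - 1) n = out_len - 1;
    memcpy(dest, name, n);           /* copies to wherever `dest` now points        */
    dest[n] = '\0';
    return (int)n;
}

/* Hardened version: bound n by both buffers before any copy, so no neighbouring
 * local variable or return address can be overwritten.                            */
int parse_record_safe(const uint8_t *rec, size_t rec_len, char *out, size_t out_len)
{
    char name[NAME_MAX]; size_t n;
    if (rec_len < 1 || out_len < 1) return -1;
    n = rec[0];
    if (n > sizeof name || n > out_len - 1) return -1;  /* oversized: reject  */
    if (rec_len < 1 + n) return -1;                      /* truncated: reject  */
    memcpy(name, rec + 1, n);
    memcpy(out, name, n);
    out[n] = '\0';
    return (int)n;
}

/* Self-check on constructed records: returns 1 if the hardened parser accepts a
 * 4-byte record and rejects an oversized (n = 40) and a truncated (n = 4) one.    */
int parse_record_demo(void)
{
    static const uint8_t ok[] = {4, 'a', 'b', 'c', 'd'}, big[] = {40, 'x'}, cut[] = {4, 'a'};
    char out[32];
    return parse_record_safe(ok, sizeof ok, out, sizeof out) == 4 && strcmp(out, "abcd") == 0
        && parse_record_safe(big, sizeof big, out, sizeof out) == -1
        && parse_record_safe(cut, sizeof cut, out, sizeof out) == -1;
}
```

The unsafe variant is never exercised with an oversized record here; the point is that the only difference between the two is the check on n before the first memcpy.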

Oh said that the malware, a Mac OS X backdoor, probably targets only Snow Leopard or earlier versions of Mac OS X, as it fails when it tries to execute on OS X Lion machines. He believes the attacker had prior knowledge of the target environment, including the target operating system, application patch levels and more.

Like other backdoor trojans, this new malware grants remote control of the infected computer. The main payload file is a standard Mac OS X executable called launch-hse. "This binary is a command and control (C&C) agent that communicates with a C&C server (master) to perform unauthorized actions that are similar to other C&C bot clients," he explained. "The function names give clues that might indicate that this binary is connecting to a C&C server, parses commands from it and performs file retrieval or creates processes."

Ultimately, Mac users will see an increase in malware attacks as the platform grows in popularity. Oh said that exploiting Mac OS X isn't much different from exploiting other operating systems, and even though Mac OS X has introduced many mitigation technologies to reduce risk, an end user's protection against security vulnerabilities correlates directly with keeping installed applications updated. That means keeping software up to date so that hackers don't slip in through cracks that were patched long ago.

Discuss
  • 27
    mobrocket , May 2, 2012 4:54 PM
    the guy's last name is "OH"
    that's wicked
  • 26
    cee2cee , May 2, 2012 4:59 PM
    More proof that Mac users are the more clueless ones. Sure, PCs have to deal with monthly patches, but I feel bad for those on Macs that incorrectly think they're safe and don't update and then something like this happens.
  • 24
    rantoc , May 2, 2012 5:01 PM
    Fun is that Microsoft actually patched it back in June 2009 (MS09-027). Seems the Mac users believe they're invulnerable and don't understand the need to patch security leaks in their "magic" machines, much thanks to the false marketing with the TV commercials and all. Crack tends to make people jump off roofs; not patching security holes is just as clever!
  • 20
    Parsian , May 2, 2012 5:01 PM
    Except for a very small professional content-producing margin of Apple OSX users, everybody else uses Macs so they don't have to know or learn or concern themselves with technicalities. This is a prime example of such a population and why they are deluded with the illusion of no viruses on Macs. They can't even update through their automated updating system.
  • 28
    internetlad , May 2, 2012 5:04 PM
    And once again, we find that the weakest link in security is the user itself.

    Seriously, computers, just form skynet already and wipe us out.
  • 21
    eddieroolz , May 2, 2012 5:16 PM
    The header is full of irony.
  • -4
    tramit , May 2, 2012 5:20 PM
    Why wouldn't you update software to a program?
  • 5
    danimal_the_animal , May 2, 2012 5:26 PM
    WAKE UP!

    LOL!
  • 3
    atmos929 , May 2, 2012 5:29 PM
    Mac OS X Service Pack 2 coming up...

    ... Do they even use updates like that? Will they have to?
  • 14
    Cazalan , May 2, 2012 5:30 PM
    Windows is getting too secure by default. Easier to go for the weakest link: iPad/Mac.
  • 19
    gmarsack , May 2, 2012 5:36 PM
    I miss playing C&C...
  • 7
    sporkimus , May 2, 2012 5:40 PM
    Where are the Mac users that claim their computers never get viruses or malware? The soapbox is looking pretty empty at the moment.
  • 20
    mayne92 , May 2, 2012 5:53 PM
    Couldn't help but chuckle knowing that for years Mac fangirls kept touting how their OS is perfect. We now have a report from Kaspersky saying Apple is years behind M$ on security, and now trojan after trojan after trojan emerges for Macs - who would have thunk???? Love it
  • 25
    joeman99 , May 2, 2012 6:07 PM
    thebigt42: The problem is with a M$ product

    An M$ product that was patched 3 YEARS AGO!
  • 17
    zak_mckraken , May 2, 2012 6:22 PM
    The software at risk is irrelevant. I understand the irony that it's a Microsoft product, but it could have been a third party software, game, or even iTunes, and the result would be the same. The fact that the OS allows a flawed software to exploit it is proof that the OS itself is flawed. A system is as secure as its weakest link.
  • 7
    memadmax , May 2, 2012 7:30 PM
    It isn't the software at fault....
    It's the snotty leadership at iFlapple....
  • 17
    zybch , May 2, 2012 7:30 PM
    zak_mckraken: The software at risk is irrelevant. I understand the irony that it's a Microsoft product, but it could have been a third party software, game, or even iTunes, and the result would be the same. The fact that the OS allows a flawed software to exploit it is proof that the OS itself is flawed. A system is as secure as its weakest link.

    I think a massive number of people would assert that iTunes is worse than having a virus. I can't think of any other 'required' application that bugs me more than that piece of crap.