Yesterday, two of our analysts, Brod and Timo, tested a Java exploit related to the Facebook/Apple hack with our Anti-Virus for Mac.
And the result?
Our Mac AV blocked the exploit with a generic detection (created Nov. 19th 2012) called: Exploit:Java/Majava.B.
Nice!
So, how is the sample related? On February 15th, Mac malware samples were shared via a "Mac malware" mailing list. In the follow-up discussion, two file hashes were shared, one of which is available via VirusTotal. That sample turned out to be a Java exploit that drops a Windows backdoor. Brod analyzed the backdoor (detected as Trojan.Generic.8282738) and discovered that it attempts to connect to digitalinsight-ltd.com, one of the sinkholed C&Cs related to Friday's Mac malware.
Our generic detection, Exploit:Java/Majava.B, is used by our cross-platform antivirus scanning engine, so our Windows customers are protected, too. Our thanks to the analyst who shared the file hash (she knows who she is).
On 22/02/13 At 10:35 AM