[Fed-Talk] MS analyzes Mac Malware
- Subject: [Fed-Talk] MS analyzes Mac Malware
- From: Todd Heberlein <email@hidden>
- Date: Sun, 06 May 2012 12:22:08 -0700
The key takeaway, IMHO, is that attackers are starting to build the experience to exploit Mac vulnerabilities.
The architecture they describe is pretty standard: A maliciously crafted document includes a dropper vector and some malware. A vulnerable client (Microsoft Word in this case) opens the document, the dropper deposits the malware on the machine and then executes it. The malware is a command & control agent, and it contacts a C&C server. The agent can carry out various tasks such as retrieving files or running additional commands.
An interesting case of Mac OSX malware
as we see in the example analysis above, the techniques and understanding needed to do so may be much the same as those used against other platforms.
If you're using Microsoft Office 2004 for Mac, Microsoft Office 2008 for Mac or Open XML File Format Converter for Mac, be sure to update using the latest product updates.
Todd