Another Multi-Platform Trojan Variant Discovered
Posted on July 13th, 2012 by Lysa Myers
Earlier this week we wrote about a new multi-platform Backdoor trojan that uses a Java component to determine which OS is being used and then delivers a different version of the threat for Windows, Linux or OS X. Previous variants would not work on OS X versions newer than Snow Leopard as the threat required Rosetta to function on Intel hardware.
Now a new variant has been discovered that no longer has this restriction on OS X. This is not unexpected with threats generated by kits, such as the previous variant – it’s common to continue modifying the threat over time to make more effective malware. We’ve seen this with a variety of recent OS X threats such as Tibet, Sabpab and Flashback.
Because malware authors frequently try to refine their creations over time, we always endeavor to add generic detection for threats that will protect against new variants. This new Backdoor is another case where generic detection has been effective; components of the new variant are detected with current virus definitions as OSX/ShellCode.gen or OSX/MetaData.gen.
In order to protect yourself against this new threat, make sure you have the latest virus definitions for Intego VirusBarrier X6. You may also wish to disable Java, as this is frequently used by malware to silently install new malware.