Microsoft Details Mac OS X Malware That Exploits Office Vulnerability
Malware that targets Mac OS X machines is becoming widespread, and most major companies have come to realize that Apple products are not as safe from malicious software as they once were. As expected, Microsoft has also come forward with an example of a Mac OS X threat.
This particular malware, identified as Exploit:MacOS_X/MS09-027.A, leverages a remote code execution vulnerability in Microsoft Office, which was addressed by the company back in 2009.
Although the infection rates are not as widespread as in the case of the now-infamous Flashback Trojan, the company’s security experts reveal that there are still a number of computer owners who have failed to apply the security update, thus putting their assets at risk.
So how does the infection work?
First of all, it has been determined that the exploit works only on Snow Leopard or earlier versions of the operating system, because starting with Lion the memory address targeted by the malware is read-only.
As the diagram shows, the stack-based buffer overflow vulnerability is used to corrupt a local variable, which is later utilized to deploy the “stage 1” shellcode to a specific area.
This “stage 1” shellcode then leads to the “stage 2” shellcode, which is the location in the memory where the actual infection occurs.
“Stage 2” creates three files: /tmp/launch-hs, /tmp/launch-hse, and /tmp/file.doc. The first file actually contains a shell script or an executable which launches /tmp/launch-hse and opens /tmp/file.doc.
The latter is actually a decoy document that’s designed to trick users into believing that there’s nothing malicious involved.
/tmp/launch-hse is the main payload file that, once it’s executed, starts communicating with the malware’s command and control server.
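The three dropped files are the most concrete host-level indicators the post gives, so a defender checking a Snow Leopard or earlier machine for this infection would look for exactly those artifacts. The script below is an added example, not code from Microsoft's write-up or from the softpedia post: it checks a directory (by default /tmp) for the three file names, and treats a launch-hs that is a shell script referencing both launch-hse and file.doc as matching the dropper behaviour described above. The function names, the verdict structure and the fixture directory built by build_sample_dir are all constructed for this illustration.

```python
"""Hypothetical host check for the /tmp artifacts described in the post (added example)."""
import os
import re
import tempfile

# File names the post attributes to the "stage 2" shellcode.
ARTIFACTS = ("launch-hs", "launch-hse", "file.doc")


def find_artifacts(root="/tmp"):
    """Return a mapping of artifact name -> whether it exists directly under root."""
    return {name: os.path.isfile(os.path.join(root, name)) for name in ARTIFACTS}


def launcher_references_payload(path):
    """True if path is a shell script (shebang) whose first 4 KiB mention both
    launch-hse and file.doc, i.e. the launcher behaviour the post describes."""
    try:
        with open(path, "rb") as fh:
            head = fh.read(4096)
    except OSError:
        return False
    if not head.startswith(b"#!"):
        return False
    text = head.decode("utf-8", errors="replace")
    return bool(re.search(r"launch-hse", text)) and bool(re.search(r"file\.doc", text))


def assess(root="/tmp"):
    """Combine the file-presence check and the launcher-content check into one verdict.
    The verdict keys are an assumption of this example, not a Microsoft format."""
    present = find_artifacts(root)
    launcher = os.path.join(root, "launch-hs")
    launcher_match = present["launch-hs"] and launcher_references_payload(launcher)
    return {
        "artifacts": present,
        "launcher_references_payload": launcher_match,
        # All three files together, or a launcher with the described references,
        # is enough to flag the host for closer inspection.
        "suspicious": all(present.values()) or launcher_match,
    }


def build_sample_dir():
    """Constructed fixture: a scratch directory laid out the way the post describes.
    The launcher is a harmless comment-only shell script that merely names the
    other two files; the payload and decoy are empty placeholders."""
    d = tempfile.mkdtemp(prefix="ms09027-demo-")
    with open(os.path.join(d, "launch-hs"), "w") as fh:
        fh.write("#!/bin/sh\n")
        fh.write("# constructed stand-in: references launch-hse and file.doc only in this comment\n")
    open(os.path.join(d, "launch-hse"), "wb").close()
    open(os.path.join(d, "file.doc"), "wb").close()
    return d


if __name__ == "__main__":
    demo = build_sample_dir()
    print("fixture:", assess(demo))
    print("live /tmp:", assess("/tmp"))
```

Running it prints the verdict for the constructed fixture (flagged) and then for the real /tmp on the machine it runs on. The launcher check deliberately reads only the file head and never executes anything, so it is safe to run against a directory that may hold live samples.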
“Statistically speaking, as this operating system gains in consumer usage, attacks on the platform will increase. Exploiting Mac OSX is not much different from other operating systems. Even though Mac OSX has introduced many mitigation technologies to reduce risk, your protection against security vulnerabilities has a direct correlation with updating installed applications,” Jeong Wook Oh of the MMPC concluded.
[softpedia]