Costin Raiu, a lab expert at security firm Kapersky, reports that a new malware affecting Mac OS X is active and in the wild. The malware infects computers through Microsoft Word documents exploiting a known vulnerability.
- At least two variants of the SabPub bot exist today.
- The earliest version of the bot appears to have been created and used in February 2012.
- The malware is being spread through Word documents that exploit the CVE-2009-0563 vulnerability.
- SabPub is different from MaControl, another bot used in APT attacks in February 2012; SabPub was more effective because it stayed undetected for more than 1.5 months.
- the APT behind SabPub is active at the time of writing.