Flashback infections now down to 140,000 Mac units

Further analysis of the domain name generator (DNG) algorithm has revealed that Flashback does not limit itself to using ".com" as the top-level domain (TLD). It chooses from the following five TLDs: .com, .in, .info, .kz, and .net.

The recent Oracle Java SE Remote Java Runtime Environment denial of service vulnerability used to distribute the Flashback Trojan has now also been seen to be distributing another Mac threat: OSX.Sabpab. OSX.Sabpab has also been seen in targeted attacks distributed with malicious Word documents exploiting the Microsoft Word Record Parsing Buffer Overflow Vulnerability.

The Flashback payload is considerably larger than the initial stage downloading component. Symantec said one of the new features of the Trojan is that it can now retrieve updated C&C locations through Twitter posts by searching for specific hashtags generated by the OSX.Flashback.K hashtag algorithm.
