It seems like we cannot go a week without hearing about a new virus or malware coming along for Mac users. This week we have the shiny new Backdoor.OSX.SabPub.a (or SabPub for short) to deal with. Much like the world-renowned Flashback Trojan, SabPub uses a Java exploit to get inside a user’s system and do all kinds of malicious things.
This Trojan’s main purpose is to get into the user’s system, connect to a remote website and then wait for instructions. It seems the most common use is for taking screenshots, which could lead to private information being stolen if you have such things open on your screen.
SabPub infects systems specifically through targeted attacks, so the risk of it becoming a widespread problem like Flashback are much lower, but it is still something you most certainly want to keep your eye on. There are currently two strains of the virus in the wild, and one has been around since as early as February.
One way you may be attacked is through a Word document using the CVE-2009-0563 exploit through Office on Mac. If you are opening Word documents, be careful, and make sure you know the source of the document.
Apple has not issued a statement at this time, but we can assume they are working on a fix, much like they did with the Flashback Trojan.