A new piece of malicious software targeted at Mac users has been found on a website dedicated to the Dalai Lama, but one security vendor is labeling it as low risk, reports the “IDG News Service” ().
The malware, nicknamed “Dockster,” is a backdoor that allows an attacker to control the victim’s computer, record keystrokes and export files, according to Intego, which sells security software for Macs. Dockster tries to infect computers by exploiting a vulnerability in Java, CVE-2012-0507.
IDG says the vulnerability is the same one used by the Flashback malware, which first appeared around September 2011 and infected as many as 800,000 computers via a drive-by download. Flashback was used to fraudulently click on advertisements in order to generate illicit revenue in a type of scam known as click fraud.
Apple patched the vulnerability in Java in early April and then undertook a series of steps to remove the frequently targeted application from Macs. Apple stopped bundling Java with Mac OS X 10.7 Lion and continued the trend with OS X 10.8 Mountain Lion.