“Dockster” takes advantage of the same vulnerability exploited by the “Flashback” malware, which infected more than 600,000 computers.
A new piece of Mac malware has been discovered on a Web site linked to the Dalai Lama. It uses a well-documented Java exploit to install a Trojan on visitors’ computers and steal personal information.
Dubbed “Dockster,” the malware was found lurking on Gyalwarinpoche.com, according to security research firm F-Secure. The malware takes advantage of the same vulnerability exploited by the “Flashback” malware to install a basic backdoor that allows the attacker to download files and log keystrokes.
(For more technical information about how the malware operates, see this report by my colleague Topher Kessler.)
Although “Dockster” leverages an exploit that has already been patched, computers that have not been updated or that are running older software may still be at risk. F-Secure notes that this is not the first time Gyalwarinpoche.com has been compromised and warns that Mac users aren’t the only ones who should avoid visiting the site; Windows malware has also been detected on it.
At its height, the original Flashback, which was designed to grab passwords and other information from users through their Web browser and other applications, was estimated to be infecting more than 600,000 Macs. The original malware typically installed itself after a user mistook it for a legitimate browser plug-in while visiting a malicious Web site. The malware would then collect personal information and send it back to remote servers.