DESCRIPTION
The Exploit-OLE2.gen trojan disguises itself as a Word document. When opened on a vulnerable Mac system, it executes a script that writes out the malware itself and then a shell script that runs it. The malware takes advantage of a Java vulnerability patched by Microsoft in Bulletin MS09-027. In the variants observed, the malware is stored as binary files called "DockLight" or "launchd", while the user is shown a text about Tibetan freedom and grievances. Both binaries can easily be found by searching the system for them.