Mac OS X OSX/Sabpab Trojan Detection

This script is Copyright (C) 2012-2014 Tenable Network Security, Inc.


Synopsis :

The remote Mac OS X host appears to have been compromised.

Description :

Using the supplied credentials, Nessus has found evidence that the
remote Mac OS X host has been compromised by a Trojan in the
OSX/Sabpab family (also known as OSX/Sabpub).

OSX/Sabpab is typically installed by means of a malicious Word
document that exploits a stack-based buffer overflow in Word
(CVE-2009-0563). Once installed, it opens a backdoor for a remote
attacker to upload or download files, take screenshots, and run
arbitrary commands.

See also :

http://www.nessus.org/u?2fbcf878

Solution :

Restore the system from a known good set of backups.

Risk factor :

Critical / CVSS Base Score : 10.0
(CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C)

Family: MacOS X Local Security Checks

Nessus Plugin ID: 58812

Bugtraq ID:

CVE ID: