Mac OS X OSX/Sabpab Trojan Detection
Critical Nessus Plugin ID 58812
Synopsis
The remote Mac OS X host appears to have been compromised.
Description
Using the supplied credentials, Nessus has found evidence that the remote Mac OS X host has been compromised by a Trojan in the OSX/Sabpab (alternatively known as OSX/Sabpub) family of Trojans.
OSX/Sabpab is typically installed by means of a malicious Word document that exploits a stack-based buffer overflow in Word (CVE-2009-0563). Once installed, it opens a backdoor for a remote attacker to upload or download files, take screenshots, and run arbitrary commands.
Solution
Restore the system from a known set of good backups.