April 17, 2012, 10:22 AM — The irony may only annoy Mac users already angry about the sudden proliferation of malware for their machines, but the two most recently discovered Trojan Horses for OS X are getting exactly what Mac users demanded of the computer industry for years: revisions delivered quickly enough that the Mac version of an application isn't always a generation behind the Windows version.
The SabPub Trojan horse discovered Saturday by Kaspersky Labs has already gotten a makeover that allows it to infect Macs using boobytrapped Word documents, according to Sophos' NakedSecurity newsletter.
The Microsoft Word exploit is a new delivery method for SabPab, which had relied on the same drive-by Java flaw used by the Flashback Trojan to build a botnet army of as many as 700,000 machines.
Apple issued a patch for that particular flaw in its Java implementation on April 13.
The patch removes the Flashback virus and shuts off Java in browsers running on OS X, which should stymie the earlier version of both Trojans but does nothing about the flaw SabPab exploits in Word.
Unlike the original SabPub, the renamed SabPab does require some interaction from users to launch itself, though they only have to open the Word document, not give specific permission for the code to run.
SabPab exploits the same security flaw in Microsoft Word as the remote-access Trojan discovered by AlienVault late last month, which also plants a decoy Word document on the victim's hard drive while launching the malware payload in the background.
Both exploit a known flaw in Word that allows unauthorized code from another source to run without the user's knowledge or permission.