Manual Removal Instructions
Protection
Keep your Mac protected against the latest threats with F-Secure Anti-Virus for Mac. Try it now for 30 days for free.
Arrival
Sabpab.A is dropped into the system by malicious Java applets that exploit the vulnerability identified by CVE-2012-0507, and malicious Word documents that exploit CVE-2009-0563.
Installation
The malware drops the following copy of itself:
It creates the following launchpoint for the file above:
Payload
The malware connects to a remote server to obtain additional commands. The server varies between samples. As of this writing, there are two known servers:
The backdoor is capable of performing the following actions: