{"id":4243,"date":"2012-03-20T19:51:37","date_gmt":"2012-03-21T02:51:37","guid":{"rendered":"http:\/\/blog.intego.com\/?p=4243"},"modified":"2016-02-12T10:14:24","modified_gmt":"2016-02-12T18:14:24","slug":"tibet-malware-takes-advantage-of-java-vulnerability-to-harvest-information-on-macs","status":"publish","type":"post","link":"https:\/\/www.intego.com\/mac-security-blog\/tibet-malware-takes-advantage-of-java-vulnerability-to-harvest-information-on-macs\/","title":{"rendered":"Tibet Malware Takes Advantage of Java Vulnerability to Harvest Information on Macs"},"content":{"rendered":"<p>A new malware, Tibet.A, has been discovered, taking advantage of a Java vulnerability that has also been used recently by the <a href=\"https:\/\/www.intego.com\/mac-security-blog\/flashback-mac-trojan-horse-infections-increasing-with-new-variant\/\">Flashback malware<\/a>. Tibet.A exploits a vulnerability that is corrected in up-to-date Macs, but that may be accessible if users don&#8217;t apply system updates.<\/p>\n<p>This malware starts by downloading a Java applet when users visit a booby-trapped web page. If the Mac in question does not have Java up to date, the Tibet malware installs a backdoor, in a manner that has become increasingly common. The goal is to copy user data &#8211; generally user names, passwords and credit card numbers &#8211; and send it to remote servers. The web pages serving this malware checks to see if the computer loading the page is a Mac or a Windows PC, and serves the appropriate form of the malware.<\/p>\n<p><!--more--><\/p>\n<p>One of the ways that users are lured to the infected websites is by e-mails that contain links to them. In this case, these e-mails have been seen to <a href=\"http:\/\/labs.alienvault.com\/labs\/index.php\/2012\/alienvault-research-used-as-lure-in-targeted-attacks\/\">specifically target Tibetan non-governmental organizations<\/a>, and this attack may be designed to try and obtain information from these organizations alone. AlienVault Labs has <a href=\"http:\/\/labs.alienvault.com\/labs\/index.php\/2012\/targeted-attacks-against-tibet-organizations\/\">an extensive report about these attacks<\/a>.<\/p>\n<p>If a Mac is infected, there is no user interaction required, and no indication that the Mac has been compromised, unless the user is running software that detects outgoing network connections, as available in Intego VirusBarrier X6&#8217;s Anti-Spyware module.<\/p>\n<p><a href=\"https:\/\/www.intego.com\/virusbarrier\/\">Intego VirusBarrier X6<\/a> with malware definitions dated March 20, 2012 or later protects against this malware as Tibet.A. While this malware is being found in the wild, the threat is currently low.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>TEST excerpt<\/p>\n","protected":false},"author":3,"featured_media":3673,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"spay_email":"","jetpack_publicize_message":"","jetpack_is_tweetstorm":false},"categories":[190],"tags":[75,86,297,144],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v17.4 - https:\/\/yoast.com\/wordpress\/plugins\/seo\/ -->\n<meta name=\"description\" content=\"TEST excerpt\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.intego.com\/mac-security-blog\/tibet-malware-takes-advantage-of-java-vulnerability-to-harvest-information-on-macs\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Tibet Malware Takes Advantage of Java Vulnerability to Harvest Information on Macs - The Mac Security Blog\" \/>\n<meta property=\"og:description\" content=\"TEST excerpt\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.intego.com\/mac-security-blog\/tibet-malware-takes-advantage-of-java-vulnerability-to-harvest-information-on-macs\/\" \/>\n<meta property=\"og:site_name\" content=\"The Mac Security Blog\" \/>\n<meta property=\"article:published_time\" content=\"2012-03-21T02:51:37+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2016-02-12T18:14:24+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/www.intego.com\/mac-security-blog\/wp-content\/uploads\/2012\/02\/Malware.png\" \/>\n\t<meta property=\"og:image:width\" content=\"128\" \/>\n\t<meta property=\"og:image:height\" content=\"128\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Peter James\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"1 minute\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"Organization\",\"@id\":\"https:\/\/www.intego.com\/mac-security-blog\/#organization\",\"name\":\"Intego\",\"url\":\"https:\/\/www.intego.com\/mac-security-blog\/\",\"sameAs\":[],\"logo\":{\"@type\":\"ImageObject\",\"@id\":\"https:\/\/www.intego.com\/mac-security-blog\/#logo\",\"inLanguage\":\"en-US\",\"url\":\"https:\/\/www.intego.com\/mac-security-blog\/wp-content\/uploads\/2022\/10\/intego-organization-logo-for-google-knowledge-graph-875x875-1.png\",\"contentUrl\":\"https:\/\/www.intego.com\/mac-security-blog\/wp-content\/uploads\/2022\/10\/intego-organization-logo-for-google-knowledge-graph-875x875-1.png\",\"width\":875,\"height\":875,\"caption\":\"Intego\"},\"image\":{\"@id\":\"https:\/\/www.intego.com\/mac-security-blog\/#logo\"}},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/www.intego.com\/mac-security-blog\/#website\",\"url\":\"https:\/\/www.intego.com\/mac-security-blog\/\",\"name\":\"The Mac Security Blog\",\"description\":\"Keep Macs safe from the dangers of the Internet\",\"publisher\":{\"@id\":\"https:\/\/www.intego.com\/mac-security-blog\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/www.intego.com\/mac-security-blog\/?s={search_term_string}\"},\"query-input\":\"required name=search_term_string\"}],\"inLanguage\":\"en-US\"},{\"@type\":\"ImageObject\",\"@id\":\"https:\/\/www.intego.com\/mac-security-blog\/tibet-malware-takes-advantage-of-java-vulnerability-to-harvest-information-on-macs\/#primaryimage\",\"inLanguage\":\"en-US\",\"url\":\"https:\/\/www.intego.com\/mac-security-blog\/wp-content\/uploads\/2012\/02\/Malware.png\",\"contentUrl\":\"https:\/\/www.intego.com\/mac-security-blog\/wp-content\/uploads\/2012\/02\/Malware.png\",\"width\":\"128\",\"height\":\"128\"},{\"@type\":\"WebPage\",\"@id\":\"https:\/\/www.intego.com\/mac-security-blog\/tibet-malware-takes-advantage-of-java-vulnerability-to-harvest-information-on-macs\/#webpage\",\"url\":\"https:\/\/www.intego.com\/mac-security-blog\/tibet-malware-takes-advantage-of-java-vulnerability-to-harvest-information-on-macs\/\",\"name\":\"Tibet Malware Takes Advantage of Java Vulnerability to Harvest Information on Macs - The Mac Security Blog\",\"isPartOf\":{\"@id\":\"https:\/\/www.intego.com\/mac-security-blog\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\/\/www.intego.com\/mac-security-blog\/tibet-malware-takes-advantage-of-java-vulnerability-to-harvest-information-on-macs\/#primaryimage\"},\"datePublished\":\"2012-03-21T02:51:37+00:00\",\"dateModified\":\"2016-02-12T18:14:24+00:00\",\"description\":\"TEST excerpt\",\"breadcrumb\":{\"@id\":\"https:\/\/www.intego.com\/mac-security-blog\/tibet-malware-takes-advantage-of-java-vulnerability-to-harvest-information-on-macs\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/www.intego.com\/mac-security-blog\/tibet-malware-takes-advantage-of-java-vulnerability-to-harvest-information-on-macs\/\"]}]},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/www.intego.com\/mac-security-blog\/tibet-malware-takes-advantage-of-java-vulnerability-to-harvest-information-on-macs\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\/\/www.intego.com\/mac-security-blog\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Tibet Malware Takes Advantage of Java Vulnerability to Harvest Information on Macs\"}]},{\"@type\":\"Article\",\"@id\":\"https:\/\/www.intego.com\/mac-security-blog\/tibet-malware-takes-advantage-of-java-vulnerability-to-harvest-information-on-macs\/#article\",\"isPartOf\":{\"@id\":\"https:\/\/www.intego.com\/mac-security-blog\/tibet-malware-takes-advantage-of-java-vulnerability-to-harvest-information-on-macs\/#webpage\"},\"author\":{\"@id\":\"https:\/\/www.intego.com\/mac-security-blog\/#\/schema\/person\/d0c16bd0a4dd8f82d91204f400c8d116\"},\"headline\":\"Tibet Malware Takes Advantage of Java Vulnerability to Harvest Information on Macs\",\"datePublished\":\"2012-03-21T02:51:37+00:00\",\"dateModified\":\"2016-02-12T18:14:24+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\/\/www.intego.com\/mac-security-blog\/tibet-malware-takes-advantage-of-java-vulnerability-to-harvest-information-on-macs\/#webpage\"},\"wordCount\":281,\"commentCount\":0,\"publisher\":{\"@id\":\"https:\/\/www.intego.com\/mac-security-blog\/#organization\"},\"image\":{\"@id\":\"https:\/\/www.intego.com\/mac-security-blog\/tibet-malware-takes-advantage-of-java-vulnerability-to-harvest-information-on-macs\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/www.intego.com\/mac-security-blog\/wp-content\/uploads\/2012\/02\/Malware.png\",\"keywords\":[\"Java\",\"Malware\",\"OSX\/Tibet\",\"Vulnerability\"],\"articleSection\":[\"Malware\"],\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"CommentAction\",\"name\":\"Comment\",\"target\":[\"https:\/\/www.intego.com\/mac-security-blog\/tibet-malware-takes-advantage-of-java-vulnerability-to-harvest-information-on-macs\/#respond\"]}]},{\"@type\":\"Person\",\"@id\":\"https:\/\/www.intego.com\/mac-security-blog\/#\/schema\/person\/d0c16bd0a4dd8f82d91204f400c8d116\",\"name\":\"Peter James\",\"image\":{\"@type\":\"ImageObject\",\"@id\":\"https:\/\/www.intego.com\/mac-security-blog\/#personlogo\",\"inLanguage\":\"en-US\",\"url\":\"https:\/\/secure.gravatar.com\/avatar\/0626bfb4ada576ba5aa775322329ad47?s=96&d=mm&r=g\",\"contentUrl\":\"https:\/\/secure.gravatar.com\/avatar\/0626bfb4ada576ba5aa775322329ad47?s=96&d=mm&r=g\",\"caption\":\"Peter James\"},\"url\":\"https:\/\/www.intego.com\/mac-security-blog\/author\/peter\/\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"description":"TEST excerpt","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.intego.com\/mac-security-blog\/tibet-malware-takes-advantage-of-java-vulnerability-to-harvest-information-on-macs\/","og_locale":"en_US","og_type":"article","og_title":"Tibet Malware Takes Advantage of Java Vulnerability to Harvest Information on Macs - The Mac Security Blog","og_description":"TEST excerpt","og_url":"https:\/\/www.intego.com\/mac-security-blog\/tibet-malware-takes-advantage-of-java-vulnerability-to-harvest-information-on-macs\/","og_site_name":"The Mac Security Blog","article_published_time":"2012-03-21T02:51:37+00:00","article_modified_time":"2016-02-12T18:14:24+00:00","og_image":[{"width":"128","height":"128","url":"https:\/\/www.intego.com\/mac-security-blog\/wp-content\/uploads\/2012\/02\/Malware.png","type":"image\/png"}],"twitter_card":"summary_large_image","twitter_misc":{"Written by":"Peter James","Est. reading time":"1 minute"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Organization","@id":"https:\/\/www.intego.com\/mac-security-blog\/#organization","name":"Intego","url":"https:\/\/www.intego.com\/mac-security-blog\/","sameAs":[],"logo":{"@type":"ImageObject","@id":"https:\/\/www.intego.com\/mac-security-blog\/#logo","inLanguage":"en-US","url":"https:\/\/www.intego.com\/mac-security-blog\/wp-content\/uploads\/2022\/10\/intego-organization-logo-for-google-knowledge-graph-875x875-1.png","contentUrl":"https:\/\/www.intego.com\/mac-security-blog\/wp-content\/uploads\/2022\/10\/intego-organization-logo-for-google-knowledge-graph-875x875-1.png","width":875,"height":875,"caption":"Intego"},"image":{"@id":"https:\/\/www.intego.com\/mac-security-blog\/#logo"}},{"@type":"WebSite","@id":"https:\/\/www.intego.com\/mac-security-blog\/#website","url":"https:\/\/www.intego.com\/mac-security-blog\/","name":"The Mac Security Blog","description":"Keep Macs safe from the dangers of the Internet","publisher":{"@id":"https:\/\/www.intego.com\/mac-security-blog\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.intego.com\/mac-security-blog\/?s={search_term_string}"},"query-input":"required name=search_term_string"}],"inLanguage":"en-US"},{"@type":"ImageObject","@id":"https:\/\/www.intego.com\/mac-security-blog\/tibet-malware-takes-advantage-of-java-vulnerability-to-harvest-information-on-macs\/#primaryimage","inLanguage":"en-US","url":"https:\/\/www.intego.com\/mac-security-blog\/wp-content\/uploads\/2012\/02\/Malware.png","contentUrl":"https:\/\/www.intego.com\/mac-security-blog\/wp-content\/uploads\/2012\/02\/Malware.png","width":"128","height":"128"},{"@type":"WebPage","@id":"https:\/\/www.intego.com\/mac-security-blog\/tibet-malware-takes-advantage-of-java-vulnerability-to-harvest-information-on-macs\/#webpage","url":"https:\/\/www.intego.com\/mac-security-blog\/tibet-malware-takes-advantage-of-java-vulnerability-to-harvest-information-on-macs\/","name":"Tibet Malware Takes Advantage of Java Vulnerability to Harvest Information on Macs - The Mac Security Blog","isPartOf":{"@id":"https:\/\/www.intego.com\/mac-security-blog\/#website"},"primaryImageOfPage":{"@id":"https:\/\/www.intego.com\/mac-security-blog\/tibet-malware-takes-advantage-of-java-vulnerability-to-harvest-information-on-macs\/#primaryimage"},"datePublished":"2012-03-21T02:51:37+00:00","dateModified":"2016-02-12T18:14:24+00:00","description":"TEST excerpt","breadcrumb":{"@id":"https:\/\/www.intego.com\/mac-security-blog\/tibet-malware-takes-advantage-of-java-vulnerability-to-harvest-information-on-macs\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.intego.com\/mac-security-blog\/tibet-malware-takes-advantage-of-java-vulnerability-to-harvest-information-on-macs\/"]}]},{"@type":"BreadcrumbList","@id":"https:\/\/www.intego.com\/mac-security-blog\/tibet-malware-takes-advantage-of-java-vulnerability-to-harvest-information-on-macs\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/www.intego.com\/mac-security-blog\/"},{"@type":"ListItem","position":2,"name":"Tibet Malware Takes Advantage of Java Vulnerability to Harvest Information on Macs"}]},{"@type":"Article","@id":"https:\/\/www.intego.com\/mac-security-blog\/tibet-malware-takes-advantage-of-java-vulnerability-to-harvest-information-on-macs\/#article","isPartOf":{"@id":"https:\/\/www.intego.com\/mac-security-blog\/tibet-malware-takes-advantage-of-java-vulnerability-to-harvest-information-on-macs\/#webpage"},"author":{"@id":"https:\/\/www.intego.com\/mac-security-blog\/#\/schema\/person\/d0c16bd0a4dd8f82d91204f400c8d116"},"headline":"Tibet Malware Takes Advantage of Java Vulnerability to Harvest Information on Macs","datePublished":"2012-03-21T02:51:37+00:00","dateModified":"2016-02-12T18:14:24+00:00","mainEntityOfPage":{"@id":"https:\/\/www.intego.com\/mac-security-blog\/tibet-malware-takes-advantage-of-java-vulnerability-to-harvest-information-on-macs\/#webpage"},"wordCount":281,"commentCount":0,"publisher":{"@id":"https:\/\/www.intego.com\/mac-security-blog\/#organization"},"image":{"@id":"https:\/\/www.intego.com\/mac-security-blog\/tibet-malware-takes-advantage-of-java-vulnerability-to-harvest-information-on-macs\/#primaryimage"},"thumbnailUrl":"https:\/\/www.intego.com\/mac-security-blog\/wp-content\/uploads\/2012\/02\/Malware.png","keywords":["Java","Malware","OSX\/Tibet","Vulnerability"],"articleSection":["Malware"],"inLanguage":"en-US","potentialAction":[{"@type":"CommentAction","name":"Comment","target":["https:\/\/www.intego.com\/mac-security-blog\/tibet-malware-takes-advantage-of-java-vulnerability-to-harvest-information-on-macs\/#respond"]}]},{"@type":"Person","@id":"https:\/\/www.intego.com\/mac-security-blog\/#\/schema\/person\/d0c16bd0a4dd8f82d91204f400c8d116","name":"Peter James","image":{"@type":"ImageObject","@id":"https:\/\/www.intego.com\/mac-security-blog\/#personlogo","inLanguage":"en-US","url":"https:\/\/secure.gravatar.com\/avatar\/0626bfb4ada576ba5aa775322329ad47?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/0626bfb4ada576ba5aa775322329ad47?s=96&d=mm&r=g","caption":"Peter James"},"url":"https:\/\/www.intego.com\/mac-security-blog\/author\/peter\/"}]}},"jetpack_featured_media_url":"https:\/\/www.intego.com\/mac-security-blog\/wp-content\/uploads\/2012\/02\/Malware.png","jetpack_publicize_connections":[],"jetpack_sharing_enabled":true,"jetpack_shortlink":"https:\/\/wp.me\/p4VAYd-16r","amp_enabled":true,"_links":{"self":[{"href":"https:\/\/origin.intego.com\/mac-security-blog\/wp-json\/wp\/v2\/posts\/4243"}],"collection":[{"href":"https:\/\/origin.intego.com\/mac-security-blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/origin.intego.com\/mac-security-blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/origin.intego.com\/mac-security-blog\/wp-json\/wp\/v2\/users\/3"}],"replies":[{"embeddable":true,"href":"https:\/\/origin.intego.com\/mac-security-blog\/wp-json\/wp\/v2\/comments?post=4243"}],"version-history":[{"count":6,"href":"https:\/\/origin.intego.com\/mac-security-blog\/wp-json\/wp\/v2\/posts\/4243\/revisions"}],"predecessor-version":[{"id":50200,"href":"https:\/\/origin.intego.com\/mac-security-blog\/wp-json\/wp\/v2\/posts\/4243\/revisions\/50200"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/origin.intego.com\/mac-security-blog\/wp-json\/wp\/v2\/media\/3673"}],"wp:attachment":[{"href":"https:\/\/origin.intego.com\/mac-security-blog\/wp-json\/wp\/v2\/media?parent=4243"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/origin.intego.com\/mac-security-blog\/wp-json\/wp\/v2\/categories?post=4243"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/origin.intego.com\/mac-security-blog\/wp-json\/wp\/v2\/tags?post=4243"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}