Dubbed "Sabpab," the threat uses the same Java vulnerability that the Flashback botnet exploited last month in creating 650,000 Mac zombies.
Sophos says you can check to see if you have been infected by searching for the following files:
/Library/Preferences/com.apple.PubSabAgent.pfile
/Library/LaunchAgents/com.apple.PubSabAGent.plist
Sabpab has been described as a "basic backdoor Trojan horse" which allows control servers to execute commands remotely on infected Macs.
Apple has already patched the vulnerability and the new trojan is not as widespread as Flashback was, but still remains a threat if you have not updated.
Written by: Andre Yoskowitz @ 13 Apr 2012 19:15