On November 30th, Intego blogged about OS X spyware it calls OSX/Dockster.A. This relatively simple backdoor trojan, found on VirusTotal, provides a remote shell to give a remote attacker access to the system, provides a channel for downloading additional files, and has keylogger functionality. They flagged it as low-risk, as at that time it was not known to be in the wild. It was, however, suggested that its exposure to VirusTotal might be intended as a test before pushing it to the public.
Sure enough, F-Secure has blogged today (3rd December 2012) about a Dalai Lama-related website from which the Java-based exploit CVE-2012-0507 (also used by Sabpab and Flashback) is being used to push the Dockster malware. While neither F-Secure nor Sophos seem sure whether Hxxp://gyalwarinpoche.com is a legitimate site that has been compromised, it is, in fact, the Dalai Lama’s Tibetan language site, set up in 2010.