Want CNET to notify you of price drops and the latest stories?

New Mac malware spreading from Dalai Lama tribute site

"Dockster" takes advantage of the same vulnerability exploited by the "Flashback" malware, which infected more than 600,000 computers.

Steven Musil Night Editor / News
Steven Musil is the night news editor at CNET News. He's been hooked on tech since learning BASIC in the late '70s. When not cleaning up after his daughter and son, Steven can be found pedaling around the San Francisco Bay Area. Before joining CNET in 2000, Steven spent 10 years at various Bay Area newspapers.
Expertise I have more than 30 years' experience in journalism in the heart of the Silicon Valley.
Steven Musil
Gyalwarinpoche.com, which is hosting malware. Screenshot by Steven Musil/CNET

A new piece of Mac malware has been discovered on a Web site linked to the Dalai Lama, using a well-documented Java exploit to install a Trojan on visitors' computers and steal personal information.

Dubbed "Dockster," the malware was found lurking on Gyalwarinpoche.com, according to security research firm F-Secure. The malware takes advantage of the same vulnerability exploited by the "Flashback" malware to install a basic backdoor that allows the attacker to download files and log keystrokes.

(For more technical information about how the malware operates, see this report by my colleague Topher Kessler.)

Although "Dockster" leverages an exploit that has already been patched, computers not updated or running older software may still be at risk. F-Secure notes that this is not the first time Gyalwarinpoche.com has been compromised and warns that Mac users aren't the only ones who should avoid visiting the site; Windows malware has also been detected on it.

At its height, the original Flashback, which was designed to grab passwords and other information from users through their Web browser and other applications, was estimated to be infecting more than 600,000 Macs. The original malware, first detected in fall 2011, typically installed itself after a user mistook it for a legitimate browser plug-in while visiting a malicious Web site. The malware would then collect personal information and send it back to remote servers.