Slashdot Mirror

← Back to Stories (view on slashdot.org)

Multiplatform Java Botnet Spotted In the Wild

Posted by timothy on from the semi-equal-opportunity dept.

It's fun sometimes to be smug because you are ("one is") using an operating system less susceptible to malware, or at least less targeted by malware creators, than is Microsoft Windows. Now, reader Orome1 writes with word of a Java-based, equal-opportunity botnet Trojan, excerpting from Help Net Security's report: "'IncognitoRAT is one example of a Java-based Trojan discovered in the wild that is being downloaded and installed by another component. This malware behaves like other Windows botnets but uses source code and libraries that can operate on other platforms,' explains McAfee's Carlos Castillo." So far, no mention of a Linux version, though.

6 of 203 comments (clear)

  1. Typical. Bloody typical. by martinux · · Score: 5, Funny

    No mention of linux support. Do we always have to come last?

  2. Re:um.... by guruevi · · Score: 5, Informative

    If you rtfa, the software (trojan) has to be installed somehow. The payload has to get on a computer and be executed.

    FTFA: The original propagation vector of IncognitoRAT is a Windows executable, but apparently it was created using the tool JarToExe, which includes, among other features, the ability to convert .jar files into .exe files, to add program icons and version information, and protect and encrypt Java programs...However, we’ve seen only the PC version in a downloader/dropper in the wild.

    Yes, I can run a Java-based botnet client (it may be one of the first) but I have to get it to run on a computer without user interaction or demands for passwords or administrative rights - Windows excels in that part of the attack vector.

    --
    Custom electronics and digital signage for your business: www.evcircuits.com
  3. Exactly what OS isn't susceptible to trojans? by l0ungeb0y · · Score: 5, Insightful

    AFAIK, any OS that allows a user to install software is susceptible to malware.
    Anyone smugly thinking they aren't is an idiot.

    Wake me up when a worm has been discovered in the wild targeting OS X or Linux

  4. Re:um.... by John+Hasler · · Score: 4, Insightful

    ...but uses source code and libraries that can operate on other platforms,

    Read that again. Source code.

    Also from the article:

    The original propagation vector of IncognitoRAT is a Windows executable, but apparently it was created using the tool JarToExe, which includes, among other features, the ability to convert .jar files into .exe files,...

    In other words, it may be source compatible with Linux but there is no Linux binary in the wild. The jar files might run on Linux but the key component needed to download and install it is a Windows binary.

    --
    Warning: this article may contain humor, sarcasm, parody, and perhaps even irony. Read at your own risk.
  5. Re:um.... by jd2112 · · Score: 4, Insightful

    So typical. Program is written in Java but packaged so it is Windows only defeating the main purpose of using Java in the first place.

    --
    Any insufficiently advanced magic is indistinguishable from technology.
  6. Re:RUN FOR YOU LIVES !! by 2.7182 · · Score: 4, Funny

    I believe this thing is called a "javawocky."