Web Exploit Found That Customizes Attack For Windows, Mac, and Linux

phaedrus5001 writes with this quote from Ars: "Security researchers have found a live Web exploit that detects if the target is running Windows, Mac OS X, or Linux and drops a different trojan for each platform. The attack was spotted by researchers from antivirus provider F-Secure on a Columbian transport website, presumably after third-party attackers compromised it. The unidentified site then displayed a signed Java applet that checked if the user's computer is running Windows, Mac OS X, or Linux. Based on the outcome, the attack then downloads the appropriate files for each platform."

Re:Blah

[Gerzel]

No it isn't. The largest BSD distro is Machintosh!

Re:Blah

[hairyfeet]

The sad part is the BSD guys would write them a thank you note for bothering to remember them.

So can we ALL just accept now there is no "Magical OS" that makes one immune from malware please? All OSes are EXTREMELY complex piles of code, having to support tens of thousands of drivers, scheduling and tasking, hell I doubt even Linus can tell you when you launch program Foo every single interaction that is taking place in the system, there is simply more there than any one person can know.

Now that the retard that made XP run by default as admin has been sent packing on the short bus all three major OSes have limited users, hell Windows even has the browser run as a low rights entity to help lower the risk. Now that all three major OSes have common sense defaults ultimately it all comes down to the USER and whether they will take the time to actually think or will simply allow anything to run. I've seen it a billion times in the shop, a fully patched and AVed machine get infected NOT because of the OS but because it was the USER that refused to listen to the warnings being given him/her and choosing instead to run it anyway.

At the end of the day the only foolproof way to get rid of malware is to take away the user's right to control their own machine, to instead stick them in a walled garden where only approved apps get run. i think we can all agree having some corporation own our machines would be a BAD thing so all we can do is warn users, try to make ever hardened systems, and be ready to clean up the messes when they happen. After Android became a hit it was only a matter of time before Linux got put in the crosshairs and now that day appears to be here and I for one will be interested to see how the community reacts.

Re:Blah

[strikethree]

which to be honest is everything that's actually important on your computer; non-userland stuff can just be re-installed from scratch if needed.

I keep seeing this meme which seems to be promoting the idea that userland infection >= system level infection by claiming (mostly correctly) that the only important files to the user are in the users own directory.

You have backups of /home right? So what is the problem with restoring it. Losing /home is NOT the worst thing that can happen to you. Having a virus that you can not detect is. Let's see how happy you are when your files start getting corrupted and keep getting corrupted and you have no idea why. System level infection is far worse than userland so can we let this meme die now please?