Slashdot Mirror


Web Exploit Found That Customizes Attack For Windows, Mac, and Linux

phaedrus5001 writes with this quote from Ars: "Security researchers have found a live Web exploit that detects if the target is running Windows, Mac OS X, or Linux and drops a different trojan for each platform. The attack was spotted by researchers from antivirus provider F-Secure on a Columbian transport website, presumably after third-party attackers compromised it. The unidentified site then displayed a signed Java applet that checked if the user's computer is running Windows, Mac OS X, or Linux. Based on the outcome, the attack then downloads the appropriate files for each platform."

15 of 204 comments

  1. Columbian transport website? by Kenja · · Score: 4, Funny

    Is that where the "domestic pharmaceutical procurement facilitators" meet?

    --

    "Have you ever thought about just turning off the TV, sitting down with your kids, and hitting them?"
  2. Blah by mystikkman · · Score: 5, Funny

    When are the malware writers going to support BSD?

    1. Re:Blah by hairyfeet · · Score: 5, Interesting

      The sad part is the BSD guys would write them a thank you note for bothering to remember them.

      So can we ALL just accept now there is no "Magical OS" that makes one immune from malware please? All OSes are EXTREMELY complex piles of code, having to support tens of thousands of drivers, scheduling and tasking, hell I doubt even Linus can tell you when you launch program Foo every single interaction that is taking place in the system, there is simply more there than any one person can know.

      Now that the retard that made XP run by default as admin has been sent packing on the short bus, all three major OSes have limited users; hell, Windows even has the browser run as a low-rights entity to help lower the risk. Now that all three major OSes have common-sense defaults, ultimately it all comes down to the USER and whether they will take the time to actually think or will simply allow anything to run. I've seen it a billion times in the shop: a fully patched and AVed machine gets infected NOT because of the OS but because it was the USER that refused to listen to the warnings being given to him/her and chose instead to run it anyway.

      At the end of the day the only foolproof way to get rid of malware is to take away the user's right to control their own machine, to instead stick them in a walled garden where only approved apps get run. I think we can all agree having some corporation own our machines would be a BAD thing, so all we can do is warn users, try to make ever-hardened systems, and be ready to clean up the messes when they happen. After Android became a hit it was only a matter of time before Linux got put in the crosshairs, and now that day appears to be here and I for one will be interested to see how the community reacts.

      --
      ACs don't waste your time replying, your posts are never seen by me.
    2. Re:Blah by AliasMarlowe · · Score: 4, Informative

      They don't even support Linux properly. Even if it's actually effective on Linux, you'd have to explicitly agree to run the exploit and then type in your password to install the stupid thing. And that would only work if you're in the sudoers group or logged in as root; otherwise, it's no go. What kind of malware is that???

      Interesting note: although example screenshots were given for the malware on Windows and OSX, there were none for Linux. Maybe it does not work at all on Linux, and the code people are foaming over is just a leftover fragment for identifying the client OS.

      --
      Those who can make you believe absurdities can make you commit atrocities. - Voltaire
    3. Re:Blah by Compaqt · · Score: 5, Insightful

      I haven't tried the exploit, but again:

      On my machine, all the important stuff is in the /home directory.

      There's nothing really interesting in the "system". I don't even really care about the system. It's just an ISO download away from reinstall.

      My files, on the other hand, are what's important.

      --
      I'm not a lawyer, but I play one on the Internet. Blog
    4. Re:Blah by wmbetts · · Score: 4, Insightful

      1) Disable Java by default. I have yet to have a website that I use regularly not work because Java doesn't run. Whitelist the sites you want Java on.

      2) Don't blindly click and enter your password at every prompt

      Those two things alone would make you immune to this.

      --
      "Ubuntu" -- an African word, meaning "Slackware is too hard for me". - stolen from Dan C alt.os.linux.slackware
  3. if (linux) by Ynot_82 · · Score: 5, Funny

    if(linux) { exec 'su - root' || die 'shit, I had to try something...'; }

  4. Finally some multi-platform support by GameboyRMH · · Score: 4, Funny

    Now if only the major business software companies were this considerate...

    --
    "When information is power, privacy is freedom" - Jah-Wren Ryel
  5. Only older Macs. by used2win32 · · Score: 4, Informative

    Quoted: "Surprisingly for such an advanced exploit, it was unable to infect modern Macs unless they were modified to run software known as Rosetta. The software allows Macs using Intel processors to run applications written for Macs using PowerPC processors, which were phased out about five years ago. Rosetta is no longer even supported on Lion, the most recent version of OS X."

    Rosetta not supported on Lion and not installed by default in Snow Leopard.

    So no current Macs and only older Macs that use Rosetta risk infection. That number has to be pretty low...

    I don't think any *nix user has much to worry about either...

    --
    Procrastination; I'll think of a sig tomorrow.
  6. Interesting author in source code by sl4shd0rk · · Score: 5, Informative

    If you google getParameter( "ILIKEHUGS" ); from the screenshot in TFA, you can find a java file which looks suspiciously like the one in TFA. I lol'd at the header comment. I don't think this is a 'new' exploit:
    /**
      * Original Author: Thomas Werth
      * Modifications By: Dave Kennedy, Kevin Mitnick
      * This is a universal Applet which determintes Running OS
      * ...

    --
    Join the Slashcott! Feb 10 thru Feb 17!
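The comment above identifies the applet by its getParameter("ILIKEHUGS") call, and the summary says it branches on the client OS (in Java that is normally a read of the os.name system property). As an added example, not code from the page, from F-Secure or from the applet's authors, here is a small Python triage script that treats a JAR as the zip file it is, checks whether it carries signature files under META-INF/ (the summary says the applet was signed), and scans the class files for those indicator strings. The sample JAR is constructed in memory with a fake class blob; it is not a real applet.

```python
import io
import re
import zipfile

# Indicator strings taken from the thread: the applet reads an "ILIKEHUGS"
# parameter and branches on the JVM's os.name property. In an unobfuscated
# class file these literals sit in the constant pool as plain UTF-8, so a raw
# byte scan finds them; string-encrypting obfuscators will defeat this check.
INDICATORS = (b"ILIKEHUGS", b"os.name", b"getParameter")

# Signature block files a signed JAR carries next to MANIFEST.MF.
SIGNATURE_RE = re.compile(r"^META-INF/.+\.(SF|RSA|DSA|EC)$", re.IGNORECASE)


def triage_jar(jar_bytes):
    """Report whether a JAR is signed and which indicator strings its
    class files contain; 'suspicious' flags a signed JAR whose classes
    both read applet parameters and query os.name."""
    report = {"signed": False, "signature_files": [], "hits": {}}
    with zipfile.ZipFile(io.BytesIO(jar_bytes)) as zf:
        for name in zf.namelist():
            if SIGNATURE_RE.match(name):
                report["signed"] = True
                report["signature_files"].append(name)
                continue
            if not name.endswith(".class"):
                continue
            data = zf.read(name)
            found = [i.decode() for i in INDICATORS if i in data]
            if found:
                report["hits"][name] = found
    report["suspicious"] = report["signed"] and any(
        "os.name" in v and "getParameter" in v for v in report["hits"].values()
    )
    return report


def build_sample_jar(signed=True):
    """Constructed sample (not a real applet): a zip with the layout of a
    JAR and a fake class whose bytes mimic constant-pool UTF-8 entries
    (tag 0x01, two-byte length, the string)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("META-INF/MANIFEST.MF", "Manifest-Version: 1.0\n")
        if signed:
            zf.writestr("META-INF/SIGNER.SF", "Signature-Version: 1.0\n")
            zf.writestr("META-INF/SIGNER.RSA", b"\x30\x82")  # placeholder, not real DER
        zf.writestr(
            "Applet.class",
            b"\xca\xfe\xba\xbe" + b"\x00" * 8
            + b"\x01\x00\x07os.name"
            + b"\x01\x00\x09ILIKEHUGS"
            + b"\x01\x00\x0cgetParameter",
        )
        zf.writestr("Helper.class", b"\xca\xfe\xba\xbe" + b"\x00" * 8)
    return buf.getvalue()


if __name__ == "__main__":
    print(triage_jar(build_sample_jar()))
    print(triage_jar(build_sample_jar(signed=False)))
```

The signed-or-not check only says a signature block is present; it does not validate the certificate chain, and a signed applet is exactly what gets the user a "trust this publisher?" prompt rather than a sandbox, which is why the comments above keep coming back to whether the user clicks through.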
  7. Re:Java = security nightmare by amicusNYCL · · Score: 5, Insightful

    You're right, the Java programming language is not a security threat to computers in general. The Java Runtime Environment, and its various browser implementations, however, is definitely a threat. Just like PDF documents are not a threat, but Acrobat Reader is definitely a threat. See here for proof (spoiler: Java was the #1 infection vector, at 37%; Acrobat #2 at 32%).

    --
    "Our two-party system is like a bowl of shit looking at itself in a mirror." - Lewis Black
  8. Malware for Linux? by Anonymous Coward · · Score: 5, Funny

    The year of the Linux desktop has arrived!

  9. Re:Most Macs are probably immune. by Yaztromo · · Score: 4, Informative

    That'd be news to the millions getting new macs and using Java.

    The GP is correct. Apple stopped shipping Java with OS X with the release of Lion.

    That said, if you try to run something that requires Java, OS X will offer to download and install it for you. However, with the latest OS X updates the Java browser plug-in and Java Web Start are now disabled by default, and have to be explicitly enabled by the user in the Java Preferences app. And if they do explicitly enable it, it will auto-disable itself again if it hasn't been used in some time.

    That's a lot of extra hoops to jump through to get this to work on a modern, up-to-date Mac. Then again, the people who develop and propagate malware such as this tend to target those who don't keep their systems up-to-date, ensuring it is still a concern for many users (with those at most risk being the ones least knowledgeable to do much about it, or even be aware that anything is wrong).

    Yaz

  10. Re:COLOMBIAN....not "Columbian" by John+Hasler · · Score: 5, Informative

    Perhaps, but in American "Columbia" refers either to the river or to the district while "Colombia" refers to the nation in South America. "Columbia" is also an archaic term for the USA, as in "Columbia Gem of the Ocean".

    --
    Warning: this article may contain humor, sarcasm, parody, and perhaps even irony. Read at your own risk.
  11. very convincing by Cyko_01 · · Score: 5, Funny

    On linux you need to download the source code from the repository and compile it yourself