Slashdot Mirror


Web Exploit Found That Customizes Attack For Windows, Mac, and Linux

phaedrus5001 writes with this quote from Ars: "Security researchers have found a live Web exploit that detects if the target is running Windows, Mac OS X, or Linux and drops a different trojan for each platform. The attack was spotted by researchers from antivirus provider F-Secure on a Columbian transport website, presumably after third-party attackers compromised it. The unidentified site then displayed a signed Java applet that checked if the user's computer is running Windows, Mac OS X, or Linux. Based on the outcome, the attack then downloads the appropriate files for each platform."

9 of 204 comments

  1. Blah by mystikkman · Score: 5, Funny

    When are the malware writers going to support BSD?

    1. Re:Blah by hairyfeet · Score: 5, Interesting

      The sad part is the BSD guys would write them a thank you note for bothering to remember them.

      So can we ALL just accept now there is no "Magical OS" that makes one immune from malware please? All OSes are EXTREMELY complex piles of code, having to support tens of thousands of drivers, scheduling and tasking, hell I doubt even Linus can tell you when you launch program Foo every single interaction that is taking place in the system, there is simply more there than any one person can know.

      Now that the retard that made XP run by default as admin has been sent packing on the short bus all three major OSes have limited users, hell Windows even has the browser run as a low rights entity to help lower the risk. Now that all three major OSes have common sense defaults ultimately it all comes down to the USER and whether they will take the time to actually think or will simply allow anything to run. I've seen it a billion times in the shop, a fully patched and AVed machine get infected NOT because of the OS but because it was the USER that refused to listen to the warnings being given him/her and choosing instead to run it anyway.

      At the end of the day the only foolproof way to get rid of malware is to take away the user's right to control their own machine, to instead stick them in a walled garden where only approved apps get run. I think we can all agree having some corporation own our machines would be a BAD thing so all we can do is warn users, try to make ever hardened systems, and be ready to clean up the messes when they happen. After Android became a hit it was only a matter of time before Linux got put in the crosshairs and now that day appears to be here and I for one will be interested to see how the community reacts.

      --
      ACs don't waste your time replying, your posts are never seen by me.
    2. Re:Blah by Compaqt · Score: 5, Insightful

      I haven't tried the exploit, but again:

      On my machine, all the important stuff is in the /home directory.

      There's nothing really interesting in the "system". I don't even really care about the system. It's just an ISO download away from reinstall.

      My files, on the other hand, are what's important.

      --
      I'm not a lawyer, but I play one on the Internet. Blog
  2. if (linux) by Ynot_82 · Score: 5, Funny

    if(linux) { exec 'su - root' || die 'shit, I had to try something...'; }

  3. Interesting author in source code by sl4shd0rk · Score: 5, Informative

    If you google getParameter( "ILIKEHUGS" ); from the screen shot in TFA, you can find a java file which looks suspiciously like the one in TFA. I lold at the header comment. I don't think this is a 'new' exploit:
    /**
      * Original Author: Thomas Werth
      * Modifications By: Dave Kennedy, Kevin Mitnick
      * This is a universal Applet which determintes Running OS
      * ...

    --
    Join the Slashcott! Feb 10 thru Feb 17!
  4. Re:Java = security nightmare by amicusNYCL · Score: 5, Insightful

    You're right, the Java programming language is not a security threat to computers in general. The Java Runtime Environment, and its various browser implementations, however, is definitely a threat. Just like PDF documents are not a threat, but Acrobat Reader is definitely a threat. See here for proof (spoiler: Java was the #1 infection vector, at 37%; Acrobat #2 at 32%).

    --
    "Our two-party system is like a bowl of shit looking at itself in a mirror." - Lewis Black
  5. Malware for Linux? by Anonymous Coward · Score: 5, Funny

    The year of the Linux desktop has arrived!

  6. Re:COLOMBIAN....not "Columbian" by John Hasler · Score: 5, Informative

    Perhaps, but in American "Columbia" refers either to the river or to the district while "Colombia" refers to the nation in South America. "Columbia" is also an archaic term for the USA, as in "Columbia Gem of the Ocean".

    --
    Warning: this article may contain humor, sarcasm, parody, and perhaps even irony. Read at your own risk.
  7. very convincing by Cyko_01 · Score: 5, Funny

    On Linux you need to download the source code from the repository and compile it yourself