
Web Exploit Found That Customizes Attack For Windows, Mac, and Linux

phaedrus5001 writes with this quote from Ars: "Security researchers have found a live Web exploit that detects if the target is running Windows, Mac OS X, or Linux and drops a different trojan for each platform. The attack was spotted by researchers from antivirus provider F-Secure on a Columbian transport website, presumably after third-party attackers compromised it. The unidentified site then displayed a signed Java applet that checked if the user's computer is running Windows, Mac OS X, or Linux. Based on the outcome, the attack then downloads the appropriate files for each platform."
  • lol (Score:0, Informative)

    by Anonymous Coward on Tuesday July 10, 2012 @02:26PM (#40605145)

    Java !

  • by Anonymous Coward on Tuesday July 10, 2012 @02:28PM (#40605179)

    Please learn how to spell.

  • by Anonymous Coward on Tuesday July 10, 2012 @02:29PM (#40605191)

    Mac OS X doesn't ship with Java anymore.

  • by Anonymous Coward on Tuesday July 10, 2012 @02:38PM (#40605321)

    Maybe it was a website about the bus lines in Columbia, South Carolina.

  • Only older Macs. (Score:4, Informative)

    by used2win32 ( 531824 ) on Tuesday July 10, 2012 @02:40PM (#40605353)
    Quoted: "Surprisingly for such an advanced exploit, it was unable to infect modern Macs unless they were modified to run software known as Rosetta. The software allows Macs using Intel processors to run applications written for Macs using PowerPC processors, which were phased out about five years ago. Rosetta is no longer even supported on Lion, the most recent version of OS X."

    Rosetta not supported on Lion and not installed by default in Snow Leopard.

    So no current Macs and only older Macs that use Rosetta risk infection. That number has to be pretty low...

    I don't think any *nix user has much to worry about either...
  • by sl4shd0rk ( 755837 ) on Tuesday July 10, 2012 @02:49PM (#40605497)

    If you google getParameter( "ILIKEHUGS" ); from the screen shot in TFA, you can find a java file which looks suspiciously like the one in TFA. I lold at the header comment. I don't think this is a 'new' exploit:
    /**
      * Original Author: Thomas Werth
      * Modifications By: Dave Kennedy, Kevin Mitnick
      * This is a universal Applet which determintes Running OS
      * ...

  • by EliSowash ( 2532508 ) <eliNO@SPAMsowash.net> on Tuesday July 10, 2012 @02:50PM (#40605505)
    Eh? How do you figure? Macs run Apple's version of Java...which means, they'd dutifully execute this applet. If you'd have said 'Mac users have to be running Rosetta in order to be infected' I'd give you your street cred back.
  • Re:Blah (Score:3, Informative)

    by kiriath ( 2670145 ) on Tuesday July 10, 2012 @02:54PM (#40605583)

    Well, OS X is built on BSD so technically they kinda do?

  • by Baloroth ( 2370816 ) on Tuesday July 10, 2012 @02:56PM (#40605619)

    Ironically, "Columbia" is the correct spelling in English (taken from "Columbus"). "Colombia" is the Spanish spelling (taken from "Colón"). Since English doesn't have the "ó", we use a "u" instead. Now, being a proper name you can use either (English is very flexible), but the English spelling is "Columbia".

  • by Yaztromo ( 655250 ) on Tuesday July 10, 2012 @03:13PM (#40605821) Homepage Journal

    That'd be news to the millions getting new macs and using Java.

    The GP is correct. Apple stopped shipping Java with OS X with the release of Lion.

    That said, if you try to run something that requires Java, OS X will offer to download and install it for you. However with the latest OS X updates the Java browser plug-in and Java Web Start are now disabled by default, and have to be explicitly enabled by the user in the Java Preferences app. And if they do explicitly enable it, it will auto-disable itself again if it hasn't been used in some time.

    That's a lot of extra hoops to jump through to get this to work on a modern, up-to-date Mac. Then again, the people who develop and propagate malware such as this tend to target those who don't keep their systems up-to-date, ensuring it is still a concern for many users (with those at most risk being the ones least knowledgeable to do much about it, or even be aware that anything is wrong).

    Yaz

  • by John Hasler ( 414242 ) on Tuesday July 10, 2012 @03:37PM (#40606139) Homepage

    Perhaps, but in American "Columbia" refers either to the river or to the district while "Colombia" refers to the nation in South America. "Columbia" is also an archaic term for the USA, as in "Columbia Gem of the Ocean".

  • Re:Blah (Score:5, Informative)

    by AliasMarlowe ( 1042386 ) on Tuesday July 10, 2012 @03:55PM (#40606365) Journal

    They don't even support Linux properly. Even if it's actually effective on Linux, you'd have to explicitly agree to run the exploit and then type in your password to install the stupid thing. And that would only work if you're in the sudoers group or logged in as root; otherwise, it's no go. What kind of malware is that???

    Interesting note: although example screenshots were given for the malware on Windows and OSX, there were none for Linux. Maybe it does not work at all on Linux, and the code people are foaming over is just a leftover fragment for identifying the client OS.

  • by Anonymous Coward on Tuesday July 10, 2012 @04:05PM (#40606523)

    This is an open source tool called SET. It's used for penetration testers -- Applet code here -- https://svn.secmaniac.com/social_engineering_toolkit/src/webattack/java_applet/
