Follow Slashdot stories on Twitter


Forgot your password?
Security Windows Linux

Web Exploit Found That Customizes Attack For Windows, Mac, and Linux 204

phaedrus5001 writes with this quote from Ars: "Security researchers have found a live Web exploit that detects if the target is running Windows, Mac OS X, or Linux and drops a different trojan for each platform. The attack was spotted by researchers from antivirus provider F-Secure on a Columbian transport website, presumably after third-party attackers compromised it. The unidentified site then displayed a signed Java applet that checked if the user's computer is running Windows, Mac OS X, or Linux. Based on the outcome, the attack then downloads the appropriate files for each platform."
This discussion has been archived. No new comments can be posted.

Web Exploit Found That Customizes Attack For Windows, Mac, and Linux

Comments Filter:
  • by Anonymous Coward on Tuesday July 10, 2012 @02:34PM (#40605277)

    "java applet".

    So in other words, if you VOLUNTEER to run their malware, their malware runs. Wow. Whoda thunk it.

    Java = security nightmare. javascript not much less so. Anyone halfway security conscious only runs scripts based on a whitelist of trusted sites.

  • by amicusNYCL ( 1538833 ) on Tuesday July 10, 2012 @02:51PM (#40605543)

    You're right, the Java programming language is not a security threat to computers in general. The Java Runtime Environment, and its various browser implementations, however, is definitely a threat. Just like PDF documents are not a threat, but Acrobat Reader is definitely a threat. See here [] for proof (spoiler: Java was the #1 infection vector, at 37%; Acrobat #2 at 32%).

  • Re:Linux (Score:2, Insightful)

    by benjymouse ( 756774 ) on Tuesday July 10, 2012 @03:16PM (#40605847)

    ... and on up-to-date systems there won't be any known privilege escalation exploits.

    Think again. An attacker following the kernel source tree will be able to figure out when exploitable bugs are being patched. While such bugs/fixes are generally not called out as security fixes at that time, they are nevertheless identifiable given a small investment.

    And for many distros it takes weeks (sometimes months) for the fixes to come through to the "consumer". During that time (dubbed "high-risk days" by some researchers) the vulnerability information is in the open but systems have not yet been patched. Precisely because some patches are *not* called out as having security implications it has happened that some of the more stable distros have delayed the patch because they didn't see the urgency.

    Someone determined to take down Linux desktop systems has recurring windows of opportunity because of the open nature of the kernel and the distro system.

  • Re:Blah (Score:5, Insightful)

    by Compaqt ( 1758360 ) on Tuesday July 10, 2012 @04:21PM (#40606735) Homepage

    I haven't tried the exploit, but again:

    On my machine, all the important stuff is in the /home directory.

    There's nothing really interesting in the "system". I don't even really care about the system. It's just an ISO download away from reinstall.

    My files, on the other hand, are what's important.

  • Re:Blah (Score:4, Insightful)

    They don't even support Linux properly. Even if it's actually effective on Linux, you'd have to explicitly agree to run the exploit and then type in your password to install the stupid thing. And that would only work if you're in the sudoers group or logged in as root; otherwise, it's no go. What kind of malware is that???

    Interesting note: although example screenshots were given for the malware on Windows and OSX, there were none for Linux. Maybe it does not work at all on Linux, and the code people are foaming over is just a leftover fragment for identifying the client OS.

    Same argument goes for Windows and OS X -- and the argument is wrong. You can have software that happily installs in your home directory and has full access to userland files -- which to be honest is everything that's actually important on your computer; non-userland stuff can just be re-installed from scratch if needed.

    From what I've seen, the stuff normally dropped on Linux systems tends to be shell scripts and the like, and they don't tend to look like much in screen shots.

  • Re:Blah (Score:5, Insightful)

    by wmbetts ( 1306001 ) on Tuesday July 10, 2012 @06:00PM (#40607955)

    1) Disable Java by default. I have yet to have a website that I use regularly not work, because Java doesn't run. Whitelist the sites you want to Java on.

    2) Don't blindly click and enter your password at every prompt

    Those two things alone would make you immune to this.

  • by Anonymous Coward on Tuesday July 10, 2012 @09:57PM (#40609929)

    Yep, just more hype and FUD clickbait.

    It's an ordinary Java applet, with all the rights and controls of every other Java applet, except this applet was a pen-tester written by TrustedSec, then found by "researchers" from F-Secure. It downloads a file specific to the OS it's running on and.... more information from F-Sec

    This has beat up written all over it.

egrep -n '^[a-z].*\(' $ | sort -t':' +2.0