Cross-platform Trojan attacks Windows, Intel Macs, Linux
Summary: A second cross-platform Trojan downloader has been discovered that detects whether you're running Windows, Mac OS X, or Linux, and then downloads the corresponding malware for your platform. Unlike the first one, which supported PowerPC Macs, this one targets Intel x86 Macs.

Just like last time, the Trojan downloader checks your operating system so it can pick which malware to download onto your computer. The Web-based social engineering attack relies on a malicious Java applet to install backdoors on Windows, Mac, and Linux computers. When you first visit such a compromised site, you are prompted to install the Java applet, which unsurprisingly hasn't been signed with a certificate. If you do so, the applet checks which operating system you have (Windows, Mac OS X, or Linux) and then drops a corresponding Trojan for your platform.
F-Secure, which first found the Web exploit, detects the initial malware as Trojan-Downloader:Java/GetShell.A. The respective payloads for Windows, Mac, and Linux are detected as follows: Backdoor:W32/TES.A, Backdoor:OSX/TESrel.A, and Backdoor:Linux/GetShell.A. The Trojan downloader was written using the Social-Engineer Toolkit (SET), an open-source and publicly available Python tool designed for penetration testing.
The security firm says the payloads remain the same, with only their implementations changed. The Windows payload now takes the form of shellcode that is executed using the SET module shellcodeexec.binary, but it has the same behavior. Instead of connecting to a remote server to get additional shellcode to execute (which then opens a reverse shell), the OS X binary immediately opens a reverse shell, which attackers can then leverage with ease. The Linux binary remains the same except that it uses a different server.
Malware writers love using a cross-platform plugin as an attack vector because it allows them to target more than one operating system, and thus more potential users. It shouldn't surprise you that Java is being used: the platform has loads of security holes, and it runs on all the major operating systems.
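A defender's static triage of the pattern described above (an unsigned applet that checks the operating system, then fetches and runs a payload), as an added example that is not from the article, F-Secure or SET. The indicator strings and the sample JARs are assumptions constructed for illustration, and the signing check only looks for signature files without validating them.

```python
import io
import re
import zipfile

# JAR signing leaves a .SF file plus a signature block in META-INF/.
SIG_FILE = re.compile(r"^META-INF/[^/]+\.SF$", re.I)
SIG_BLOCK = re.compile(r"^META-INF/[^/]+\.(RSA|DSA|EC)$", re.I)

# Assumed indicators (not from the article): strings a class file's constant
# pool holds if the code reads the OS name, fetches a URL, starts a process.
INDICATORS = {"os_check": b"os.name", "download": b"java/net/URL",
              "exec": b"java/lang/Runtime"}
CLASS_MAGIC = b"\xca\xfe\xba\xbe"

def triage_jar(data: bytes) -> dict:
    """Report signing status and indicator hits for a JAR given as bytes."""
    hits = set()
    with zipfile.ZipFile(io.BytesIO(data)) as jar:
        names = jar.namelist()
        for name in names:
            if not name.endswith(".class"):
                continue
            body = jar.read(name)
            if body.startswith(CLASS_MAGIC):  # skip non-class content
                hits.update(k for k, v in INDICATORS.items() if v in body)
    # Presence check only: this does not validate the signature itself.
    signed = (any(SIG_FILE.match(n) for n in names)
              and any(SIG_BLOCK.match(n) for n in names))
    return {"signed": signed, "indicators": sorted(hits),
            "suspicious": not signed and hits == set(INDICATORS)}

def make_jar(files: dict) -> bytes:
    """Build an in-memory JAR from {name: bytes}; used for the samples."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        for name, body in files.items():
            z.writestr(name, body)
    return buf.getvalue()

# Constructed samples: class bodies hold only the magic and marker strings.
UNSIGNED_SAMPLE = make_jar({
    "META-INF/MANIFEST.MF": b"Manifest-Version: 1.0\n",
    "Applet.class": CLASS_MAGIC + b"os.name java/net/URL java/lang/Runtime"})
SIGNED_SAMPLE = make_jar({
    "META-INF/MANIFEST.MF": b"Manifest-Version: 1.0\n",
    "META-INF/SIGNER.SF": b"Signature-Version: 1.0\n",
    "META-INF/SIGNER.RSA": b"\x30\x82",
    "Hello.class": CLASS_MAGIC + b"java/lang/String"})
```

A hit is a reason to pull the JAR for closer analysis, not a verdict: legitimate applets can use the same classes, and a signed JAR can still be malicious.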
Talkback
1 of many Rules
This is not what we were told
swami.NET says it true
So that must make it true
True as loud, noisy little boy blue
Come toot your horn, little boy blue
lol...
How are naive computer users supposed to know these rules?
Huh. Turns out reality is more nuanced. Whodathunkit?
PS Really daikon, you should take this as very good news. It means that Linux has now gained enough marketshare to be unsafe. Just more proof that Linux was only ever "secure" because it didn't have enough marketshare to be on the radar. Congrats, this must be a very happy day for you.
Malware is not a virus!
And when exactly did Linux become an OS for stupid people?! You MS fans always say Linux is difficult for non-geek people but now it has become an OS for noobs?! plz enlighten me
Yes malware is not a virus!
For instance worms are
But I can make a trojan and you are stupid enough to use it! How in the hell can Linux protect you from your stupidity?!
When? Probably today
If the best thing you have
The traditional computer virus doesn't exist any more...and hasn't existed in quite some time...it has been at least 10 years since the last traditional virus was discovered in the wild....it is really time to stop using this lame argument.
demento, memento stuxnet?
Both conficker and stuxnet could replicate themselves, so they were viruses as well.
If we are being pedantic, you have the wrong definition of a virus
The ability to replicate is not the defining characteristic of a virus. Conficker and Stuxnet were NOT viruses.
http://www.symantec.com/security_response/writeup.jsp?docid=2010-071400-3123-99
Stuxnet: worm
http://www.symantec.com/security_response/writeup.jsp?docid=2008-112203-2408-99
Conficker: worm
There have been no successful Windows viruses for over 10 years.
It depends on how you want to categorize them
===========
Anyway this new system sux there is a lot of errors and we can't change or delete our comments!
Why?
Maybe you don't get out much, but there's a reason why these malware remover bits and bobs have virus (under whatever definition) signatures. Either that, or they're more than lazy and just keep building up a pile of useless information for their jollies.
Very good
Whole point???
The whole point of my computer is to do stuff.
That stuff doesn't get interrupted by me having to deal with viruses cause I am using OS X.
Yeah I could click on a malware link one day, but statistically speaking the chances of that happening are quite low.
Statistically speaking the chances of a Windows computer getting malware or a virus are very high.
The experience of the computer users I know and my own experience show this to be the case.
Also since this is evidence of existing malware for OS X & Linux and not something new it does not represent the point at which the magic change you are claiming happens, it is more evidence that market share is a stupid argument.
Mac malware started way way back.
Look at where Norton & Symantec started their product line, it wasn't Windows.
I used Symantec Anti-Virus on Macs decades ago when there were Mac viruses.
Funny how Macs were there first, and Windows apologists are conveniently ignorant of where their wonderful technologies came from.
While you are at it you may look at where Word & Excel started their existence. It wasn't Windows either.
Apple gave you Word & Excel - now thank them for it.
Macs are not yet to get attacked, they are yet to suffer a serious attack on the Windows scale.
It's not Market Share, it may be stupidity of the malware writers I admit, and maybe the Mac will one day be attacked with great success.
Security is always to some extent an illusion. I'll bet your house's defences no matter how well secured could be breached given enough effort.
But for now in the real world It's still OS X for safety and reliability, and Windows would be a dumb choice.
Linux and Market Share.
Here is good site to help Break down real OS usage.
http://en.wikipedia.org/wiki/Usage_share_of_operating_systems
Only if you believe FUD from anti-virus companies...
There's been no proof Linux desktops have been compromised by this.
We only have todd's bottom and F-Secure's word for it and we all should know what they amount to.
Writing cross-platform malware is not hard.
The trick is getting the malware onto users' systems. It's an easy trick with Windows as evidenced by the billions of Windows computers that have been infected with malware over the years. Go to one web site, don't even click on the site, and boom, Windows is owned.
But, do you have any evidence there is even 1 infected Linux computer outside of a lab?
Please provide links.
And don't even bother using spam email as evidence, as it was recently shown, anything, and everything, in a spam email can be faked, so there is no reliable evidence there.
Most Linux users are not running under an administrator account
I know you know this. The question is: Why are you acting as if you don't?