ID: IRCNE2012051486
Date: 2012-05-02
According to "zdnet", security vendors have discovered a new piece of malware that attacks both PCs and Macs. It uses the same Java security vulnerability exploited by the Flashback malware that infected hundreds of thousands of Macs.
Malware writers love using a cross-platform plugin as an attack vector because it allows them to target more than one operating system, and thus more potential users. Since Java has been having security problems for a while now, it shouldn’t be too much of a surprise it is now being used in an attack targeting both Windows and Mac computers.
This particular malware exploits the Java vulnerability to download further malicious code onto your computer, as you can see above. A backdoor Trojan written in C++ is installed on Windows while a similar Trojan written in Python called update.py (extracted from install_flash_player.py) is installed on Mac OS X.
Both droppers result in a Trojan that opens a back door on the compromised computer, allowing remote hackers to secretly send commands, upload code to the victim’s computer, steal files, and run commands without the user’s knowledge. The two Trojans are downloaded from the same server.
Patches for this Java vulnerability have been available since February 14 for Windows, Linux, and Unix computers. Apple released a patch in early April, before the Flashback botnet was discovered. Apple has not issued a Java security update for users running versions of Mac OS X prior to 10.6 (Snow Leopard) because it wants to upgrade to a newer version of its operating system. These users can only protect themselves by disabling Java.
If you don’t use Java, you also should disable it. Even if you don’t have it installed, always get the latest security updates for your operating system and software, whether it’s from Microsoft, Apple, or any other company.
- 2