Java Based Cross Platform Malware Trojan (Mac/Linux/Windows)
Darknet, published 2011-01-20 (last modified 2015-09-09)
https://www.darknet.org.uk/2011/01/java-based-cross-platform-malware-trojan-maclinuxwindows/

It’s pretty rare to read about malware on the Linux or Mac OSX platforms, and even more rare to read about cross-platform malware which targets both AND Windows by using Java.

A neat piece of coding indeed: it targets vulnerabilities in all 3 operating systems. The sad thing? The malware itself is vulnerable to a basic directory traversal exploit, which means rival gangs can actually commandeer the infected targets.

They went to lengths to keep it secure and unseen (encrypted communications etc.) – but didn’t program the malware itself securely…

From the department of cosmic justice comes this gem, spotted by researchers from Symantec: a trojan that targets Windows, Mac, and Linux computers contains gaping security vulnerabilities that allow rival criminal gangs to commandeer the infected machines.

Known as Trojan.Jnanabot, or alternately as OSX/Koobface.A or trojan.osx.boonana.a, the bot made waves in October when researchers discovered its Java-based makeup allowed it to attack Mac and Linux machines, not just Windows PCs as is the case with most malware. Once installed, the trojan components are stored in an invisible folder and use strong encryption to keep communications private.

The bot can force its host to take instructions through internet relay chat, perform DDoS attacks, and post fraudulent messages to the victim’s Facebook account, among other things.

Now, Symantec researchers have uncovered weaknesses in the bot’s peer-to-peer functionality that allow rival criminals to remotely steal or plant files on the victim’s hard drive. That means the unknown gang that took the trouble to spread the infection in the first place risks having their botnet stolen from under their noses.

“Even though it’s encrypted and even though it was written in Java to make it cross-platform, it was still vulnerable to basically a directory transversal exploit,” Dean Turner, director of Symantec’s Global Intelligence Network, told The Reg. “From a technical perspective, it goes to show that even if you have all those things where you’re building in a secure platform, if you’re not building application security into your malware, other bad guys will probably take advantage of it.”

It’s somewhat of an odd decision though: in terms of numbers, Windows machines obviously far outnumber Linux and OSX desktop installations. On the web-server front perhaps Linux is a valuable target – but on consumer desktops? Is it really worth the effort for malware creators to make cross-platform trojans? Personally I don’t think it is; maybe it was just an experiment.

The number of Apple machines is certainly growing, and I believe the next big market we are going to see is tablets and smartphones. I’d be on the lookout for more iOS and Android worms/trojans in coming months.

A self-replicating stealthy Android trojan with a previously unpatched zero-day remote root exploit could be devastating.