Web Attack Installs Backdoors On Windows, Linux & Mac Boxen
An interesting multi-platform attack...
Java-based Web attack installs backdoors on Windows, Linux, Mac computers:
A new Web-based social engineering attack that relies on malicious Java applets attempts to install backdoors on Windows, Linux and Mac computers, according to security researchers from antivirus vendors F-Secure and Kaspersky Lab.
The attack was detected on a compromised website in Colombia, F-Secure senior analyst Karmina Aquino said in a blog post on Monday. When users visit the site, they are prompted to run a Java applet that hasn't been signed by a trusted certificate authority.
If allowed to run, the applet checks which operating system is running on the user's computer -- Windows, Mac OS X or Linux -- and drops a malicious binary file for the corresponding platform.
The files are detected by F-Secure as "Backdoor:OSX/GetShell.A," "Backdoor:Linux/GetShell.A" and "Backdoor:W32/GetShell.A." Their purpose is to connect to a command-and-control server and look for additional malicious code to download and execute.
However, since F-Secure researchers began monitoring the attack, the remote control server hasn't pushed any additional code, Aquino said.
It appears that the attack uses the Social Engineer Toolkit (SET), a publicly available tool designed for penetration testers, Aquino said Tuesday via email. However, the chances of this being a penetration test sanctioned by the website's owner are relatively low.
"I don't think it's a penetration test," Costin Raiu, director of the global research and analysis team at antivirus vendor Kaspersky Lab, said Tuesday via email.
Kaspersky's researchers are monitoring two separate websites that contain this malware, Raiu said. One is the Colombian website also found by F-Secure, while the second belongs to a water park in Barcelona, Spain.
Kaspersky's researchers are in the process of analyzing the backdoor-type malware downloaded by the malicious shell code on Windows and Linux.
"The Win32 backdoor is large, about 600KB; the Linux backdoor is over 1MB in size," Raiu said. "Both appear to contact very complex code which communicates encrypted with other servers."
The Snowman: After having read this Topic, hopefully everyone had the common sense to check that Java applets cannot enter their systems unnoticed....
sivran (reply to FF4m3): I have Java disabled in my web browsers since I don't use any websites that need it.
reply to sivran
SIVRAN:
Hey, that's great... nice to see that someone is actually doing something.
My hat's off to you for being security minded.
GuruGuy (reply to The Snowman): said by The Snowman: "After having read this Topic, hopefully everyone had the common sense to check that Java applets cannot enter their systems unnoticed...." How does one do this? -- GuruGuy
In the Java console, under the Advanced tab, there is a security option; uncheck items like "allow untrusted certs" and such. There are a few options to set and a couple to allow alerts or prompts.
Brian Andrew (reply to FF4m3): Well, all kinds of web attacks are due to us not having an antivirus in our systems.. www.free-antivirus.co/
reply to GuruGuy
GuruGuy:
You have my sincere respect for asking your question... it's always a pleasure to see a person helping themselves.
_____________________
INTERNET EXPLORER
The following is related to Internet Explorer:
ZONES
Internet Explorer has (4) Zones and (1) hidden Zone... since the average person does not see the hidden zone, they rarely even know that it exists.
Applet Settings: Go to each Zone by using "Tools"... "Internet Options"... and once there locate and open the "Security" tab... and then locate and open "Custom Level"... then go to near the bottom of the window you just opened in Custom Level and locate:
"Scripting of Java applets"
Once you locate this setting you can pick the correct box... you can "Disable" Java applets... or set it to "Prompt".
Be certain to click "Apply" and then close the window.
That's all there is to it... you are all done.
_________________
Hidden Zone:
Is the Intranet Zone... it can only be seen by tweaking the registry.
______________
Okay, Internet Explorer is now covered and perhaps someone else can comment on other browsers. There are so many that I am not "up" on all of them and it's best that someone who really knows theirs comments on its settings.
________________
norwegian, thank you for commenting... your info will be most helpful.
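The post above walks through the Custom Level dialog zone by zone. The same setting can be audited for all five zones at once from the registry; the script below is an added example and not something posted in the thread. It assumes the per-user zone settings live under HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\<0-4>, that the "Scripting of Java applets" entry is the DWORD named 1402, and that its values are 0 = Enable, 1 = Prompt, 3 = Disable (the three choices the dialog offers). Zone 0 is the Local Machine zone, which the Internet Options dialog does not display.

```powershell
# Added example, not from the thread: audit (and optionally harden) the
# "Scripting of Java applets" setting in every Internet Explorer security zone
# for the current user.
# Assumptions: per-user zone settings are stored under
#   HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\<0-4>
# and "Scripting of Java applets" is the DWORD value named 1402, where
# 0 = Enable, 1 = Prompt, 3 = Disable (the same choices as the Custom Level dialog).

$ZoneBase  = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones'
$ZoneNames = @{
    0 = 'My Computer (not shown in the Internet Options dialog)'
    1 = 'Local intranet'
    2 = 'Trusted sites'
    3 = 'Internet'
    4 = 'Restricted sites'
}
$Meaning = @{ 0 = 'Enable'; 1 = 'Prompt'; 3 = 'Disable' }

function Get-JavaAppletScripting {
    # Returns one object per zone describing the current 1402 setting.
    foreach ($zone in 0..4) {
        $key   = Join-Path $ZoneBase $zone
        $props = Get-ItemProperty -Path $key -Name '1402' -ErrorAction SilentlyContinue
        if ($null -eq $props) {
            $setting = 'not set (zone default applies)'
        } elseif ($Meaning.ContainsKey([int]$props.'1402')) {
            $setting = $Meaning[[int]$props.'1402']
        } else {
            $setting = "unknown value $($props.'1402')"
        }
        [pscustomobject]@{
            Zone    = $zone
            Name    = $ZoneNames[$zone]
            Setting = $setting
        }
    }
}

function Set-JavaAppletScripting {
    # Applies the post's advice to the given zones: Disable (3) or Prompt (1).
    param(
        [int[]]$Zones = @(3, 4),
        [ValidateSet('Disable', 'Prompt')][string]$Mode = 'Disable'
    )
    $value = if ($Mode -eq 'Disable') { 3 } else { 1 }
    foreach ($zone in $Zones) {
        Set-ItemProperty -Path (Join-Path $ZoneBase $zone) -Name '1402' -Value $value -Type DWord
    }
}

# Report the current state of all five zones.
Get-JavaAppletScripting | Format-Table -AutoSize

# Uncomment to disable Java applet scripting in the Internet and Restricted sites
# zones, then re-run the audit to confirm the change took effect:
# Set-JavaAppletScripting -Zones 3,4 -Mode Disable
# Get-JavaAppletScripting | Format-Table -AutoSize
```

Two caveats for anyone using this as a check: machine-wide policy under the matching HKLM key can take precedence over the per-user values read here, so a "Disable" reported for HKCU is not the last word on a domain-managed machine; and this only governs Internet Explorer. The Java plug-in itself stays installed for other browsers, which is why several posters in this thread prefer not having Java installed at all.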
AVD (reply to Brian Andrew): said by Brian Andrew: "Well, all kinds of web attacks due to we don't have an antivirus in our systems.. httx://www.[REDACTED BY AVD].co/" Does the software offered on the Colombian website you posted actually block the exploit?
-- Standard disclaimers apply. The preceding posting is null and void in Arizona and any other jurisdiction where prohibited by law.
TheAnalyzer (reply to FF4m3): Java is not installed on my Mac. I have no plugin for my only browser, Safari.
TA -- quod erat demonstrandum
FF4m3: said by TheAnalyzer: "Java is not installed on my Mac. I have no plugin for my only browser, Safari." Good plan. Java is not installed in any of my OSes as I don't need it at all.
reply to TheAnalyzer
TA:
Well hey there, old friend... so nice to be hearing from you... and not surprised at all that you do not use Java... you are a smart person that often stands ABOVE the crowd... good for you.
_________________
FF4m3:
And it does not surprise me that you do not use Java... good show.
reply to FF4m3: Fear, uncertainty and doubt. M$ should try harder and "find" infected Mac OS or Linux users.