Attackers Jump at Cross-Platform Flaws

Thursday, August 2, 2012 @ 05:08 PM gHale


Even though Windows and Mac remain well separated as platforms, there are a number of applications that run on both operating systems, including things such as Adobe Flash, Reader and Java.

Attackers and malware writers, like any other specialists, are focusing their skills in one discipline in order to maximize their chances for success.

Attackers, not wanting to waste any time on small target bases and looking to maximize their profits, are focusing their efforts on vulnerabilities in these applications.

Knowing that, Microsoft researchers analyzed a series of malware samples and exploits and found some attackers are beginning to target the same vulnerability across multiple platforms as a way to make the most out of their efforts.

Microsoft researchers looked at a specific set of vulnerabilities found in applications on Windows and Mac OS X and found some attackers are going after flaws dating from as far back as 2009 in Office documents, and 2010 in Flash, Java and Reader.

“This observation is limited and based on the samples we identified, acquired and processed, however, this understanding provides us with an opportunity to recognize a trend we can describe as economies of scale in cross-platform vulnerabilities. This method of distribution allows the attacker to maximize their capability on multiple platforms. Thus, regardless of a particular attacker’s motive, the value and demand for these vulnerabilities is likely to persist – we know for a fact that Java vulnerabilities CVE-2011-3544 and CVE-2012-0507 are widely used by cybercriminals in exploit kits, such as Blacole/Blackhole,” said Methusela Cebrian Ferrer of the Microsoft Malware Protection Center.

Microsoft’s investigation of the way attackers are using cross-platform vulnerabilities began about a year ago when the company’s researchers came across a backdoor aimed at Mac users. The malware disguised itself as a Google app on the infected machine and then initiated a remote connection to a command-and-control server.

“Once connected, the remote attacker may take advantage of the backdoor file management feature which allows it to upload, download and navigate through files and directories. For more detail, have a look at the Backdoor:MacOS_X/Olyx.A description in our encyclopedia,” Ferrer said.


