Exploit Determines OS, then Attacks

Thursday, July 12, 2012 @ 12:07 PM gHale


A new Web exploit can detect what operating system a potential victim is running and then drop a focused Trojan for the specific platform.

The attack ran on a Colombian transport website that third-party attackers had compromised, said researchers at antivirus provider F-Secure. The unidentified site displayed a signed Java applet that checked whether the user’s computer was running Windows, Mac OS X, or Linux. Based on the outcome, the attack then downloaded the appropriate files for each platform.

“All three files for the three different platforms behave the same way,” the researchers wrote in a blog post. “They all connect to 186.87.69.249 to get additional code to execute. The ports are 8080, 8081, and 8082 for OS X, Linux, and Windows respectively.”
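The address and port mapping in that quote are enough to sweep egress logs for affected hosts and to tell which platform's payload is calling home. The following is an added example, not code from F-Secure or from the original article; the key=value log layout, the source addresses and the function name `find_c2_contacts` are assumptions made for illustration.

```python
import re

# Indicators taken from the F-Secure quote in the article.
C2_IP = "186.87.69.249"
PORT_TO_PLATFORM = {8080: "OS X", 8081: "Linux", 8082: "Windows"}

# Assumed key=value firewall log layout (constructed for this example).
LINE_RE = re.compile(
    r"^(?P<ts>\S+)\s+src=(?P<src>\S+)\s+dst=(?P<dst>\S+)\s+dport=(?P<dport>\d+)\b"
)

# Constructed sample records; source addresses are invented.
SAMPLE_LOG = """\
2012-07-10T09:14:02Z src=10.0.4.17 dst=186.87.69.249 dport=8081 proto=tcp action=allow
2012-07-10T09:14:05Z src=10.0.4.22 dst=198.51.100.20 dport=8080 proto=tcp action=allow
2012-07-10T09:15:40Z src=10.0.7.3 dst=186.87.69.249 dport=8082 proto=tcp action=allow
2012-07-10T09:16:11Z src=10.0.4.17 dst=186.87.69.249 dport=8081 proto=tcp action=allow
2012-07-10T09:20:00Z src=10.0.9.8 dst=186.87.69.249 dport=443 proto=tcp action=deny
malformed line without fields
"""


def find_c2_contacts(log_text):
    """Map each internal host that contacted the control server to what was seen.

    Returns {src_ip: {"platforms": set, "first_seen": str, "count": int}}.
    Assumes the log is in chronological order.
    """
    hits = {}
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if m is None or m["dst"] != C2_IP:
            continue  # unparseable line or unrelated destination
        # The destination port identifies the platform-specific payload.
        # Ports outside the three listed are still reported for review.
        platform = PORT_TO_PLATFORM.get(int(m["dport"]), "unknown port")
        entry = hits.setdefault(
            m["src"], {"platforms": set(), "first_seen": m["ts"], "count": 0}
        )
        entry["platforms"].add(platform)
        entry["count"] += 1
    return hits


if __name__ == "__main__":
    for src, info in sorted(find_c2_contacts(SAMPLE_LOG).items()):
        print(src, sorted(info["platforms"]), info["first_seen"], info["count"])
```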

The growing popularity of Macs has ushered in a rash of new malware attacks that target the platform. Reports of real-world attacks on the Linux operating system are less common, but they do happen, most notably those from last year that infected some of the top Linux developers. But single attacks that have the ability to infect any one of the three OSes are even more rare.

Although the exploit was advanced, it was unable to infect modern Macs unless the user had modified the machine to run software known as Rosetta. The software allows Macs using Intel processors to run applications written for Macs using PowerPC processors, which were phased out about five years ago. Rosetta is no longer supported on Lion, the most recent version of OS X.

Officials are aware of the hacked website and the server used to control infected machines, F-Secure said.


