New Java Malware Forming

Friday, November 2, 2012 @ 09:11 AM gHale


There is a new Java backdoor Trojan called Jacksbot that is starting to make some in roads.

When it first came out, security researchers thought is was low risk because no computers suffered any infections, but that has changed, said officials at Trend Micro.

RELATED STORIES
Simple Works for Malware Writers
LinkedIn Emails lead to BlackHole
XSS Top Web Attack
Spam Leads to Blackhole Attack

In addition, since it is a Java application, Jacksbot can target multiple systems along with Windows, like Mac, Linux and any other OS that supports the Java Runtime Environment.

So far, experts found it on two computers – one in Malaysia and one in Australia –but this is just the beginning.

One of Jacksbot’s capabilities is to steal Minecraft passwords, which might also have something to do with the way it’s spread.

“There is a possibility that this malware presents itself as a Minecraft modification to unsuspecting users as it contains the special command ‘MC for stealing Minecraft passwords from the compromised system,” said Johanne Demetria, a threat response engineer at Trend Micro.

Demetria said Jacksbot is a remote access Trojan (RAT) because it’s capable of taking control of computers, and allow its master to execute various “backdoor commands.”

Although it can run on any platform that supports JRE, it appears the backdoor mainly focuses on Windows. Experts said the developers might be “testing the waters” for a multiplatform malware, but for the time being, judging by its code, it only works properly on Windows.

“Although there are only 2 infections right now, JACKSBOT and its kin may in fact be the next trend in the threat landscape considering the rapidly changing market. Additionally, it is likely that the authors will continue to improve the code to fully support infection for OS X and Linux,” Demetria said.



Leave a Reply

You must be logged in to post a comment.