New Java Malware Strikes

Friday, April 27, 2012 @ 04:04 PM gHale


A new form of Java malware takes a multifaceted approach: it can infect both Apple and Windows machines, Symantec said.

A strain of Java applet malware drops either a Python-based malware on Mac operating systems or an executable form of malware on Windows computers, said Symantec researcher Takashi Katsuki. If opened, either form could launch a Trojan that could trigger a back door on the computer, regardless of the platform.

The Java applet exploits the Oracle Java SE Remote Java Runtime Environment Code Execution Vulnerability (CVE-2012-0507) to download the malware.

The Mac back door Trojan can currently only control polling times, or “how many times it gets commands from the server at certain time intervals,” Symantec said. If enabled, however, the Trojan can also download files, list files and folders, open a remote shell, sleep or upload files.

The Trojan for Windows can send information about the infected computer and disk, its memory usage, OS version and user name, in addition to downloading and executing files and opening shells to receive commands.

The news of this malware comes on the heels of Flashback and SabPub, two forms of malware that have been targeting Mac users throughout the first quarter via another vulnerability in Java.

The vulnerability CVE-2012-0507, an older Java flaw just blocked by Mozilla’s Firefox, saw use by some Flashback variants earlier this month, before Apple patched it.


