Friday, July 13, 2012

Intel OS X binary of latest multiplatform malware discovered




Earlier this week security company F-Secure uncovered a new Web-based malware attack that uses Java to identify the visitor's platform and distribute platform-specific malware binaries to OS X, Windows, and Linux installations. In the company's first findings, the binary served to OS X was a PowerPC binary, which prevented it from running on many Macs using Snow Leopard and Lion; however, an x86 binary of the malware has since been found.


This new variant of the malware is essentially the same as the one in the previous findings, except that it will run on Lion and Snow Leopard systems without the need for Rosetta. As before, the malware is installed by visiting a rogue Web site that runs a small Java applet. This applet first checks which platform the system is running, then connects to a remote server using port 8080 for OS X, 8081 for Linux, and this time port 443 for Windows (previously it used port 8082), and downloads a platform-specific malware binary. This binary then sets up a backdoor on the system that gives an attacker remote access.
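The per-platform ports described above can be used as a hunting heuristic over host flow records. The following is an added example, not code from F-Secure or the original article; the record layout, host names, process names and addresses are constructed, and treating a lone Windows connection on port 443 as too common to report is an assumption of this example.

```python
from collections import defaultdict

# Platform-to-port mapping reported in the article (8082 is the earlier Windows port).
PLATFORM_PORTS = {"osx": {8080}, "linux": {8081}, "windows": {443, 8082}}

# Constructed flow records: (client, client_os, process, dest_ip, dest_port).
# Layout, host names and addresses (documentation ranges) are hypothetical.
SAMPLE_FLOWS = [
    ("mac-01", "osx", "java", "203.0.113.7", 8080),
    ("lin-04", "linux", "java", "203.0.113.7", 8081),
    ("win-09", "windows", "java", "203.0.113.7", 443),
    ("win-10", "windows", "chrome", "198.51.100.20", 443),
    ("mac-02", "osx", "java", "198.51.100.30", 8080),
    ("lin-05", "linux", "curl", "203.0.113.7", 8081),
]


def hunt(flows):
    """Group Java-initiated flows whose port matches the client's platform by destination."""
    hits = defaultdict(lambda: {"hosts": set(), "pairs": set()})
    for client, client_os, process, dest_ip, dest_port in flows:
        if process != "java":  # assumption: telemetry names the initiating process
            continue
        if dest_port in PLATFORM_PORTS.get(client_os, set()):
            hits[dest_ip]["hosts"].add(client)
            hits[dest_ip]["pairs"].add((client_os, dest_port))

    report = {}
    for dest_ip, hit in hits.items():
        # Windows on 443 is ordinary HTTPS, so it only counts as corroboration.
        if hit["pairs"] <= {("windows", 443)}:
            continue
        platforms = sorted({os_name for os_name, _ in hit["pairs"]})
        report[dest_ip] = {
            "hosts": sorted(hit["hosts"]),
            "platforms": platforms,
            # One server reached on several per-platform ports matches the article's pattern.
            "confidence": "high" if len(platforms) >= 2 else "low",
        }
    return report


if __name__ == "__main__":
    for dest, finding in hunt(SAMPLE_FLOWS).items():
        print(dest, finding)
```

A single Java connection to port 8080 is common in environments with HTTP proxies, which is why a lone match is rated low and needs corroboration before it is acted on.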

