Tuesday, July 10, 2012

New Web exploit targets multiple platforms




Researchers at F-Secure have uncovered a new exploit that attempts to install a backdoor malware program on Windows, Linux, and OS X machines. As with other malware, it relies on social engineering to trick users, but it also checks which operating system the user is running and then delivers a malware installer for that platform.


The attack was found on a Colombian transport Web site. When the site is visited, a Java applet runs using a self-signed certificate. On all platforms this certificate triggers a warning that notifies the user it is not from an authorized signing agency, but if the user continues and executes the Java applet, it downloads a binary for the respective platform, which connects to a server and downloads additional components of the attack, using TCP port 8080 for OS X, 8081 for Linux, and 8082 for Windows.
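The port-per-platform behaviour described above gives defenders something to correlate in network flow logs: one remote server contacted by hosts of different operating systems, each on the port reported for its platform. The sketch below is an added example, not code from F-Secure or the original article; the flow record layout, host names and IP addresses are constructed for illustration.

```python
from collections import defaultdict

# Port-to-platform mapping as reported in the article above.
PLATFORM_PORT = {"osx": 8080, "linux": 8081, "windows": 8082}

# Constructed sample flow records (not from the article):
# (source host, source OS, destination IP, destination TCP port).
# Destination addresses come from the RFC 5737 documentation ranges.
SAMPLE_FLOWS = [
    ("mac-01", "osx", "203.0.113.7", 8080),
    ("lin-04", "linux", "203.0.113.7", 8081),
    ("win-12", "windows", "203.0.113.7", 8082),
    ("win-13", "windows", "198.51.100.20", 8080),  # port does not match the OS
    ("mac-02", "osx", "198.51.100.20", 8080),      # matches, but one platform only
    ("lin-05", "linux", "192.0.2.55", 443),        # unrelated traffic
]


def find_suspect_servers(flows, min_platforms=2):
    """Return {dest_ip: {os: sorted hosts}} for destinations contacted by
    hosts of at least `min_platforms` different operating systems, each on
    the port the article associates with that operating system.

    Ports 8080-8082 are also used by ordinary proxies and dev servers, so a
    single match means little; requiring several platforms to hit the same
    server on their own platform-specific ports narrows the result.
    """
    matches = defaultdict(lambda: defaultdict(set))
    for host, os_name, dst_ip, dst_port in flows:
        os_key = os_name.lower()
        if PLATFORM_PORT.get(os_key) == dst_port:
            matches[dst_ip][os_key].add(host)
    return {
        ip: {os_key: sorted(hosts) for os_key, hosts in by_os.items()}
        for ip, by_os in matches.items()
        if len(by_os) >= min_platforms
    }


if __name__ == "__main__":
    for ip, by_os in find_suspect_servers(SAMPLE_FLOWS).items():
        print(ip, by_os)
```
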



A valid certificate such as this one from Bank of America will have indications of a valid signature, which can be investigated by clicking the secure connection indicator in Safari's address bar (or that of Firefox, Opera, or other Web browser you may be using).


(Credit: Screenshot by Topher Kessler/CNET)

While this type of approach is nothing...



