Security experts from F-Secure have discovered an online exploit that detects the operating system of the victim's machine and drops a different trojan to match. The first attack using this malware was registered on a Colombian transport website that had been hacked by a third party. This is quite a new approach, allowing attackers to target any computer regardless of the operating system it runs.
The unidentified website then displayed a signed Java applet that checks whether the targeted PC is running Windows, Linux, or Mac OS X. It turned out that this clever bit of code had been lifted from an open source toolkit created by Dave Kennedy, a security researcher and president of TrustedSec. Of course, he didn't intend anything nasty when writing it.
According to F-Secure, all three files for the different platforms connect to 186.87.69.249 to fetch additional code to execute, using ports 8080, 8081, and 8082 for OS X, Linux, and Windows respectively.
While Apple systems have been targeted for a while now, reports of real-world attacks on Linux are still less common. Single attacks able to infect any of the three operating systems are rarer still.
Fortunately for Apple users, the exploit can only infect modern Macs that have been modified to run an application called Rosetta. Rosetta was developed so that Macs using Intel processors could run applications designed for PowerPC processors. Rosetta isn't supported on Lion, the most recent version of OS X.
In other words, the intruders' knowledge of Macs is definitely limited, but they still had a stab at it.
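The address and per-platform ports reported by F-Secure can be turned into a simple network check. The following is an added example, not code from F-Secure or the original article: it scans firewall records for connections to 186.87.69.249 and uses the destination port to infer which platform's payload is calling back. The log layout, internal addresses and timestamps are constructed for illustration.

```python
import ipaddress
from collections import defaultdict

# Indicators taken from the article (F-Secure's report).
C2_ADDRESS = ipaddress.ip_address("186.87.69.249")
PORT_TO_PLATFORM = {8080: "OS X", 8081: "Linux", 8082: "Windows"}

# Constructed sample log; the field layout is an assumption:
# <timestamp> <src_ip> <dst_ip> <dst_port> <action>
SAMPLE_LOG = """\
2000-01-01T09:14:02Z 10.0.4.17 186.87.69.249 8082 ALLOW
2000-01-01T09:14:05Z 10.0.4.22 203.0.113.10 8080 ALLOW
2000-01-01T09:15:41Z 10.0.7.3 186.87.69.249 8080 DENY
2000-01-01T09:16:10Z 10.0.4.17 186.87.69.249 8082 ALLOW
this line is truncated
2000-01-01T09:17:55Z 10.0.9.40 186.87.69.249 443 ALLOW
2000-01-01T09:18:30Z 10.0.5.8 186.87.69.249 8081 ALLOW
"""

def find_callbacks(log_text):
    """Return {src_ip: [(timestamp, platform, action), ...]} for traffic to the address."""
    hits = defaultdict(list)
    for line in log_text.splitlines():
        fields = line.split()
        if len(fields) != 5:
            continue  # skip malformed or truncated records
        timestamp, src, dst, port, action = fields
        try:
            if ipaddress.ip_address(dst) != C2_ADDRESS:
                continue
            port = int(port)
        except ValueError:
            continue  # unparsable address or port
        # Any connection to the address is worth reviewing; the port shows
        # which platform's payload is likely responsible.
        platform = PORT_TO_PLATFORM.get(port, "unknown")
        hits[src].append((timestamp, platform, action))
    return dict(hits)

if __name__ == "__main__":
    for host, events in sorted(find_callbacks(SAMPLE_LOG).items()):
        platforms = sorted({p for _, p, _ in events})
        allowed = sum(1 for _, _, a in events if a == "ALLOW")
        print(f"{host}: {len(events)} connection(s), {allowed} allowed, "
              f"payload platform: {', '.join(platforms)}")
```

A host showing allowed connections on one of the three ports should be prioritised for triage, since an allowed connection means the additional code may already have been delivered.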