Cross-platform Trojan Attacks Windows, Mac, Linux

For discussions about security.
Flash
Official Dog Handler
Posts: 13071
Joined: Wed 04 May 2005, 16:04
Location: Arizona USA

Cross-platform Trojan Attacks Windows, Mac, Linux

#1 Post by Flash »

Cross-platform Trojan checks your OS: Attacks Windows, Mac, Linux
...The new Web-based social engineering attack, first detected on a compromised website in Colombia, relies on a malicious Java applet to install backdoors on Windows, Mac, and Linux computers. When you first visit such a compromised site, you are prompted to install the Java applet, which unsurprisingly hasn't been signed with a certificate. If you do so, the applet checks which operating system you have (Windows, Mac OS X, or Linux) and then drops a corresponding Trojan for your platform...

...[Which has] one purpose: to connect to a Command and Control (C&C) server and await further instructions. These typically include downloading additional malware and executing it. The security company did note, however, that ever since it began monitoring this particular attack, the C&C server hasn't pushed any additional code. That being said, it could technically do so at any time.

It appears that the Trojan downloader was written using the Social-Engineer Toolkit (SET), an open-source and publicly-available Python tool designed for penetration testing. It is very unlikely that this is a penetration test.

Malware writers love using a cross-platform plugin as an attack vector because it allows them to target more than one operating system, and thus more potential users. It shouldn't surprise you that Java is being used: the platform has loads of security holes, and it runs on all the major operating systems.

nooby
Posts: 10369
Joined: Sun 29 Jun 2008, 19:05
Location: SwedenEurope

#2 Post by nooby »

F-Secure, which first found the Web exploit, detects the initial malware as Trojan-Downloader:Java/GetShell.A. The respective payloads for Windows, Mac, and Linux are detected as follows: Backdoor:W32/GetShell.A, Backdoor:OSX/GetShell.A (PowerPC binary, requires Rosetta on an Intel-based platform), and Backdoor:Linux/GetShell.A.
My naive question. How do I know if I have java or not?
What are they talking about in the quote I make here above?
I use Google Search on Puppy Forum
not an ideal solution though

Barkin
Posts: 803
Joined: Fri 12 Aug 2011, 04:55

#3 Post by Barkin »

nooby wrote: My naive question. How do I know if I have java or not?
http://javatester.org/enabled.html

In Puppy you have to install Java JRE
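A local check for the same question (added here as an example; it is not from the thread or from any Puppy package), assuming the usual Mozilla NPAPI plugin directories, which is where a JRE's browser plugin would have to sit for a web page to run an applet:

```shell
#!/bin/sh
# Added example (not from the thread): a local check for whether Java is
# present on a Linux/Puppy box, answering "how do I know if I have Java?"
# without visiting a test page. Assumed plugin locations are the usual
# Mozilla NPAPI directories; adjust PLUGIN_DIRS for your browser.

PLUGIN_DIRS="/usr/lib/mozilla/plugins /usr/lib64/mozilla/plugins $HOME/.mozilla/plugins"

# Return 0 if a java executable is on PATH (a JRE is installed), else 1.
have_java_runtime() {
    command -v java >/dev/null 2>&1
}

# Return 0 if any of the given directories holds a Java browser plugin
# (libnpjp2.so from the Oracle/Sun JRE, or the older libjavaplugin*.so), else 1.
java_plugin_in() {
    for d in "$@"; do
        for f in "$d"/libnpjp2.so "$d"/libjavaplugin*.so; do
            [ -e "$f" ] && return 0
        done
    done
    return 1
}

# Classify exposure: $1 is "yes" or "no" for runtime presence, the remaining
# arguments are plugin directories. Only the plugin case lets a page run an applet.
classify_exposure() {
    runtime="$1"
    shift
    if java_plugin_in "$@"; then
        echo "browser-applets-possible"
    elif [ "$runtime" = "yes" ]; then
        echo "runtime-only"
    else
        echo "no-java"
    fi
}

# Stand-alone use: report on the current system.
if have_java_runtime; then rt=yes; else rt=no; fi
echo "Java exposure: $(classify_exposure "$rt" $PLUGIN_DIRS)"
```

"runtime-only" means a JRE exists for desktop programs (LibreOffice and the like) but no browser plugin was found, so the applet-based attack in the first post has no way in through the browser.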

nooby
Posts: 10369
Joined: Sun 29 Jun 2008, 19:05
Location: SwedenEurope

#4 Post by nooby »

Thanks, I did a bookmark to that test and I seem to not have the Java.
I most likely confuse it with the Python language. Maybe Python requires Java?
Hope I am not derailing. So how does one protect oneself from this
cross-platform threat then?

Thanks to Flash for the link.

disciple
Posts: 6984
Joined: Sun 21 May 2006, 01:46
Location: Auckland, New Zealand

#5 Post by disciple »

No, Python does not require Java.
Do you know a good gtkdialog program? Please post a link here

Classic Puppy quotes

ROOT FOREVER
GTK2 FOREVER

bark_bark_bark
Posts: 1885
Joined: Tue 05 Jun 2012, 12:17
Location: Wisconsin USA

#6 Post by bark_bark_bark »

this can't be good.
....

Barkin
Posts: 803
Joined: Fri 12 Aug 2011, 04:55

#7 Post by Barkin »

nooby wrote: So how does one protect oneself from this
cross-platform threat then?
If you haven't installed Java JRE you are not vulnerable to this exploit, Java JRE is the cross-platform environment it uses.

If you have installed Java JRE you can drastically lower the odds of such exploits by using NoScript where you have to give permission for a webpage to run Java applets.

Another solution would be to browse the internet with a version of puppy which is not saved after use, (e.g. from DVD-R disc) : a pristine version is loaded every time you boot it up.

nooby
Posts: 10369
Joined: Sun 29 Jun 2008, 19:05
Location: SwedenEurope

#8 Post by nooby »

Java Run Env (JRE) seems to be needed by LibreOffice
Which other programs need it?

http://murga-linux.com/puppy/viewtopic.php?t=77821
JRE or JAVA PETs issues in Puppy Linux distros
So if a Puppy has LibreOffice from scratch then most likely
it also has JRE/Java? On all the others one needs to install
it first. Ooops, just my wild guess though.
Last edited by nooby on Fri 13 Jul 2012, 10:46, edited 1 time in total.

Makoto
Posts: 1665
Joined: Fri 04 Sep 2009, 01:30
Location: Out wandering... maybe.

#9 Post by Makoto »

Last I checked, OpenOffice/LibreOffice didn't absolutely require Java - it's needed to run Calc and some other functions, but not everything. The maintainers do their level best to recommend Java be installed, though, of course.

I know Java has a Control Panel applet on Windows that allows you to change the settings, including the security settings. Can we do that on Linux? I think I saw a setting to disallow unsigned (no certificate) Java apps... of course, I'm probably wrong. :|
[ Puppy 4.3.1 JP, Frugal install ] * [ XenialPup 7.5, Frugal install ] * [XenialPup 64 7.5, Frugal install] * [ 4GB RAM | 512MB swap ]
In memory of our beloved American Eskimo puppy (1995-2010) and black Lab puppy (1997-2011).

disciple
Posts: 6984
Joined: Sun 21 May 2006, 01:46
Location: Auckland, New Zealand

#10 Post by disciple »

Makoto wrote: Last I checked, OpenOffice/LibreOffice didn't absolutely require Java - it's needed to run Calc and some other functions
Not Calc - Base, which is the openoffice alternative to MS Access. So most people would never use it.
But I thought Libreoffice was getting rid of that dependence on Java?
Last edited by disciple on Fri 13 Jul 2012, 15:46, edited 1 time in total.

Makoto
Posts: 1665
Joined: Fri 04 Sep 2009, 01:30
Location: Out wandering... maybe.

#11 Post by Makoto »

I don't use it enough to remember the name at all times. :)

As for trying to remove or lessen its dependence upon Java, I don't know... I haven't heard anything about it. :oops: I've always thought Base was heavily dependent upon Java, so it'd be rather difficult to separate it. :|

disciple
Posts: 6984
Joined: Sun 21 May 2006, 01:46
Location: Auckland, New Zealand

#12 Post by disciple »

Ah:
LibreOffice contains various pieces of code written in Java. Some of these pieces are currently being replaced/rewritten, but it is likely that LibreOffice will contain Java code for quite some time.
...
Some think java is a slow memory hog, others think it is a legal swamp that invites lawsuits. Neither might be true, but some developers have nevertheless expressed their desire to remove Java usage in LO over time.
http://wiki.documentfoundation.org/Development/Java

ICPUG
Posts: 1308
Joined: Mon 25 Jul 2005, 00:09
Location: UK

#13 Post by ICPUG »

disciple wrote:
Makoto wrote: Last I checked, OpenOffice/LibreOffice didn't absolutely require Java - it's needed to run Calc and some other functions
Not Calc - Base, which is the openoffice alternative to MS Exchange. So most people would never use it.
But I thought Libreoffice was getting rid of that dependence on Java?
The level of incorrect statements put forward as facts is bewildering.

Base is the OpenOffice/LibreOffice alternative to Microsoft's dataBASE Access. (The clue is in the name). MS Exchange is a server for e-mail, calendars, to-do lists etc.

As such Base might be used by quite a few people, certainly people here in the past have asked for a Database.

I think, on Windows at least, that Java may be needed to display LibreOffice help without being connected to the internet. Not sure if this is the same for Linux.

The OP mentions that the user is prompted to install the malicious Java applet. The solution then is to 'just say no'. No problem for Puppy users then, who usually have more than half a brain.

disciple
Posts: 6984
Joined: Sun 21 May 2006, 01:46
Location: Auckland, New Zealand

#14 Post by disciple »

Oh dear, I can't believe I wrote that :oops:
I know I've done too many 18 hour days lately, but that's shocking...
Yes, Access.

Makoto
Posts: 1665
Joined: Fri 04 Sep 2009, 01:30
Location: Out wandering... maybe.

#15 Post by Makoto »

Yeah, I should have been paying attention, too... in my defense, though, I came home at about 11, last night, and was probably running on autopilot for a few hours. :oops:

Lobster
Official Crustacean
Posts: 15522
Joined: Wed 04 May 2005, 06:06
Location: Paradox Realm

#16 Post by Lobster »

... in my defense
I have no defense.

http://puppylinux.org/wikka/privacy

I regularly make a complete prawn of myself. :oops:
More java independence is coming with LibreOffice. I only needed it for 'Presentation' on the audio side. If just using the WP no need and if doing general purpose presentations again, no need.

I hardly ever install Java in Puppy but in the future this may change.
I am beginning to believe we will have to be Android compatible in the future . . .

There are far more serious attacks coming from javascript (a different language) and rogue web sites. Do you visit pron sites, pirate bay or really dodgy destinations? . . . not even sure what those are . . . maybe 'bank hacking' for non legal criminality? Don't know.

You might have to start using a semi proxy to overcome internet restrictions by the UK gov and their freedom fighting cohorts
http://help.opera.com/Linux/10.63/en/turbo.html

Then you can join the party of your choice - ooh arrr!
http://en.wikipedia.org/wiki/Pirate_Party

Puppy Linux
Free at point of Access
Puppy Raspup 8.2Final 8)
Puppy Links Page http://www.smokey01.com/bruceb/puppy.html :D

Barkin
Posts: 803
Joined: Fri 12 Aug 2011, 04:55

#17 Post by Barkin »

Scroogle is mentioned on that page but is no more :¬(

Googlesharing is worth a try on FireFox if you want to do a google search without being tracked, (although probably just a matter of time before Google puts a stop to that too ). Use SSL google ... https://encrypted.google.com/ with Googlesharing then the proxy doesn't know what you are Googling for either.

Lobster
Official Crustacean
Posts: 15522
Joined: Wed 04 May 2005, 06:06
Location: Paradox Realm

#18 Post by Lobster »

Thanks Barkin,

I was going to remove it but sometimes we need to know
that Google is partly geek hero and partly evil spookville.

Many thanks for update and now back to the cyber trojan wars

disciple
Posts: 6984
Joined: Sun 21 May 2006, 01:46
Location: Auckland, New Zealand

#19 Post by disciple »

Lobster wrote: I hardly ever install Java in Puppy but in the future this may change.
I am beginning to believe we will have to be Android compatible in the future . . .
Better look into installing Dalvik on Puppy then. Old fashioned Java won't help you.

disciple
Posts: 6984
Joined: Sun 21 May 2006, 01:46
Location: Auckland, New Zealand

#20 Post by disciple »

ICPUG wrote: Base might be used by quite a few people, certainly people here in the past have asked for a Database.
True, but I would be very surprised if the number of people using it would be anywhere near the number of people using spreadsheets. Although personally I think a lot more people should use databases. I'm an engineer, and we use spreadsheets all the time. But in most cases they are really the wrong tool for the job - we should be using either a database or a proper programming language/tool.
