
Cross-platform Trojan Attacks Windows, Mac, Linux

Posted: Wed 11 Jul 2012, 23:40
by Flash
Cross-platform Trojan checks your OS: Attacks Windows, Mac, Linux
...The new Web-based social engineering attack, first detected on a compromised website in Colombia, relies on a malicious Java applet to install backdoors on Windows, Mac, and Linux computers. When you first visit such a compromised site, you are prompted to install the Java applet, which unsurprisingly hasn't been signed with a certificate. If you do so, the applet checks which operating system you have (Windows, Mac OS X, or Linux) and then drops a corresponding Trojan for your platform...

...[Which has] one purpose: to connect to a Command and Control (C&C) server and await further instructions. These typically include downloading additional malware and executing it. The security company did note, however, that ever since it began monitoring this particular attack, the C&C server hasn't pushed any additional code. That being said, it could technically do so at any time.

It appears that the Trojan downloader was written using the Social-Engineer Toolkit (SET), an open-source and publicly-available Python tool designed for penetration testing. It is very unlikely that this is a penetration test.

Malware writers love using a cross-platform plugin as an attack vector because it allows them to target more than one operating system, and thus more potential users. It shouldn't surprise you that Java is being used: the platform has loads of security holes, and it runs on all the major operating systems.

Posted: Thu 12 Jul 2012, 08:00
by nooby
F-Secure, which first found the Web exploit, detects the initial malware as Trojan-Downloader:Java/GetShell.A. The respective payloads for Windows, Mac, and Linux are detected as follows: Backdoor:W32/GetShell.A, Backdoor:OSX/GetShell.A (PowerPC binary, requires Rosetta on an Intel-based platform), and Backdoor:Linux/GetShell.A.
My naive question: how do I know if I have Java or not?
What are they talking about in the quote I made here above?

Posted: Thu 12 Jul 2012, 08:14
by Barkin
nooby wrote: My naive question: how do I know if I have Java or not?
http://javatester.org/enabled.html

In Puppy you have to install Java JRE
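
As an added example (not code from the thread, and not a Puppy script), a POSIX shell check that answers nooby's question from the command line rather than from a web page: it reports whether a 'java' launcher is on PATH and whether a Java browser plugin is registered in the usual NPAPI plugin directories. The plugin library names (libnpjp2.so, the older libjavaplugin_oji.so, and IcedTea-Web's IcedTeaPlugin.so) and the plugin directories are the ones the Sun/Oracle JRE, IcedTea-Web and Mozilla-family browsers actually use; a browser or JRE installed somewhere else needs its plugin directory passed as an extra argument. The javatester.org page tests what the browser will execute; this shows what is on disk that could be executed.

```shell
#!/bin/sh
# Added example (not from the thread, not a Puppy script): report whether a
# Java runtime and a browser Java plugin are installed on a Linux box.

# Plugin libraries registered by Java runtimes: the Sun/Oracle JRE installs
# libnpjp2.so (older releases: libjavaplugin_oji.so); IcedTea-Web installs
# IcedTeaPlugin.so.
JAVA_PLUGIN_NAMES="libnpjp2.so libjavaplugin_oji.so IcedTeaPlugin.so"

# Directories that NPAPI browsers (Firefox, SeaMonkey, Opera) scan for
# plugins.  Extra directories can be passed on the command line.
DEFAULT_PLUGIN_DIRS="${HOME:-/root}/.mozilla/plugins /usr/lib/mozilla/plugins /usr/lib64/mozilla/plugins /usr/lib/browser-plugins /usr/lib/firefox/plugins"

# has_java_runtime: exit 0 if a 'java' launcher is on PATH, 1 otherwise.
has_java_runtime() {
    command -v java >/dev/null 2>&1
}

# find_java_plugins DIR...: print every Java plugin library (or symlink to
# one; dangling links count, since they still show a plugin was registered)
# found in the given directories.  Exit 0 if at least one was found, else 1.
find_java_plugins() {
    found=1
    for dir in "$@"; do
        [ -d "$dir" ] || continue
        for name in $JAVA_PLUGIN_NAMES; do
            if [ -e "$dir/$name" ] || [ -L "$dir/$name" ]; then
                printf '%s\n' "$dir/$name"
                found=0
            fi
        done
    done
    return $found
}

# java_exposure_report [DIR...]: human-readable summary; always exits 0.
java_exposure_report() {
    if has_java_runtime; then
        echo "JRE: $(command -v java) ($(java -version 2>&1 | head -n 1))"
    else
        echo "JRE: no 'java' launcher on PATH"
    fi
    plugins=$(find_java_plugins $DEFAULT_PLUGIN_DIRS "$@" || true)
    if [ -n "$plugins" ]; then
        echo "Browser plugin registered; applets can run unless the browser blocks them:"
        printf '  %s\n' $plugins
    else
        echo "Browser plugin: none found; a web page cannot start an applet here"
    fi
    return 0
}

java_exposure_report "$@"
```

Run it as `sh java-check.sh`, optionally followed by extra plugin directories. A 'java' launcher with no browser plugin means desktop programs can use Java while web pages cannot, which is the state that matters for the applet attack in the first post.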

Posted: Thu 12 Jul 2012, 10:45
by nooby
Thanks, I bookmarked that test and I seem not to have Java.
I most likely confused it with the Python language. Maybe Python requires Java?
Hope I am not derailing. So how does one protect oneself from this
cross-platform threat then?

Thanks to Flash for the link.

Posted: Thu 12 Jul 2012, 11:16
by disciple
No, Python does not require Java.

Posted: Thu 12 Jul 2012, 11:50
by bark_bark_bark
this can't be good.

Posted: Thu 12 Jul 2012, 21:26
by Barkin
nooby wrote: So how does one protect oneself from this
cross-platform threat then?
If you haven't installed the Java JRE you are not vulnerable to this exploit: the Java JRE is the cross-platform environment it uses.

If you have installed Java JRE you can drastically lower the odds of such exploits by using NoScript where you have to give permission for a webpage to run Java applets.

Another solution would be to browse the internet with a version of Puppy which is not saved after use (e.g. from a DVD-R disc): a pristine version is loaded every time you boot it up.

Posted: Fri 13 Jul 2012, 06:18
by nooby
The Java Runtime Environment (JRE) seems to be needed by LibreOffice. Which other programs need it?

http://murga-linux.com/puppy/viewtopic.php?t=77821
JRE or JAVA PETs issues in Puppy Linux distros

So if a Puppy has LibreOffice from scratch then most likely it also has the JRE/Java? On all the others one needs to install it first. Oops, just my wild guess though.

Posted: Fri 13 Jul 2012, 07:01
by Makoto
Last I checked, OpenOffice/LibreOffice didn't absolutely require Java - it's needed to run Calc and some other functions, but not everything. The maintainers do their level best to recommend Java be installed, though, of course.

I know Java has a Control Panel applet on Windows that allows you to change the settings, including the security settings. Can we do that on Linux? I think I saw a setting to disallow unsigned (no certificate) Java apps... of course, I'm probably wrong. :|
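
An added example, not taken from the thread: on Linux the Sun/Oracle JRE ships the same Control Panel (started as jcontrol or ControlPanel from the JRE's bin directory), and it stores its settings in the per-user file ~/.java/deployment/deployment.properties, which can also be edited by hand or pushed system-wide through deployment.config. The keys below are Oracle's documented deployment properties; the security slider and the "Enable Java content in the browser" checkbox only arrived with Java 7 Update 10 (December 2012), after this thread, so their keys are marked as such. The /etc paths are the documented Linux locations; no other paths are assumed.

```properties
# Added example, not a file from the thread or from Puppy.
#
# /etc/.java/deployment/deployment.config  (system-wide; the JRE reads this
# first and then loads the properties file it points to).  Using the system
# file is what makes the ".locked" lines below actually lock a setting so the
# Control Panel cannot flip it back.
deployment.system.config=file:///etc/.java/deployment/deployment.properties
deployment.system.config.mandatory=true

# /etc/.java/deployment/deployment.properties  (same keys work in the per-user
# ~/.java/deployment/deployment.properties, minus the locking).

# --- Weak: the effective defaults of a mid-2012 JRE.  A self-signed applet
# (the downloader in this thread is one; SET builds them) may ask the user to
# grant it full permissions, and "Run" is the easy button.
#deployment.security.askgrantdialog.notinca=true

# --- Hardened, JRE 6 / early 7: never show the "grant full permissions"
# dialog for code signed with a certificate that does not chain to a trusted
# CA, so a self-signed applet stays in the sandbox and cannot drop files.
deployment.security.askgrantdialog.notinca=false
deployment.security.askgrantdialog.notinca.locked

# --- Hardened, 7u10 and later: the Control Panel slider and the "Enable Java
# content in the browser" checkbox map to these two keys.  VERY_HIGH refuses
# unsigned and self-signed applets instead of prompting; webjava.enabled=false
# unregisters the browser plugin while leaving 'java' available to desktop
# programs such as LibreOffice.
deployment.security.level=VERY_HIGH
deployment.security.level.locked
deployment.webjava.enabled=false
deployment.webjava.enabled.locked
```

Restart the browser after changing the file; the plugin reads it at start-up. NoScript, which Barkin mentions, blocks at the browser layer, and these settings block at the JRE layer, so the two can be combined.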

Posted: Fri 13 Jul 2012, 07:30
by disciple
Makoto wrote: Last I checked, OpenOffice/LibreOffice didn't absolutely require Java - it's needed to run Calc and some other functions
Not Calc - Base, which is the openoffice alternative to MS Access. So most people would never use it.
But I thought Libreoffice was getting rid of that dependence on Java?

Posted: Fri 13 Jul 2012, 07:58
by Makoto
I don't use it enough to remember the name at all times. :)

As for trying to remove or lessen its dependence upon Java, I don't know... I haven't heard anything about it. :oops: I've always thought Base was heavily dependent upon Java, so it'd be rather difficult to separate it. :|

Posted: Fri 13 Jul 2012, 11:18
by disciple
Ah:
LibreOffice contains various pieces of code written in Java. Some of these pieces are currently being replaced/rewritten, but it is likely that LibreOffice will contain Java code for quite some time.
...
Some think java is a slow memory hog, others think it is a legal swamp that invites lawsuits. Neither might be true, but some developers have nevertheless expressed their desire to remove Java usage in LO over time.
http://wiki.documentfoundation.org/Development/Java

Posted: Fri 13 Jul 2012, 12:19
by ICPUG
disciple wrote:
Makoto wrote: Last I checked, OpenOffice/LibreOffice didn't absolutely require Java - it's needed to run Calc and some other functions
Not Calc - Base, which is the openoffice alternative to MS Exchange. So most people would never use it.
But I thought Libreoffice was getting rid of that dependence on Java?
The level of incorrect statements put forward as facts is bewildering.

Base is the OpenOffice/LibreOffice alternative to Microsoft's dataBASE Access. (The clue is in the name.) MS Exchange is a server for e-mail, calendars, to-do lists etc.

As such Base might be used by quite a few people, certainly people here in the past have asked for a Database.

I think, on Windows at least, that Java may be needed to display LibreOffice help without being connected to the internet. Not sure if this is the same for Linux.

The OP mentions that the user is prompted to install the malicious Java applet. The solution then is to 'just say no'. No problem for Puppy users then, who usually have more than half a brain.

Posted: Fri 13 Jul 2012, 15:47
by disciple
Oh dear, I can't believe I wrote that :oops:
I know I've done too many 18 hour days lately, but that's shocking...
Yes, Access.

Posted: Fri 13 Jul 2012, 16:40
by Makoto
Yeah, I should have been paying attention, too... in my defense, though, I came home at about 11, last night, and was probably running on autopilot for a few hours. :oops:

Posted: Sat 14 Jul 2012, 07:56
by Lobster
... in my defense
I have no defense.

http://puppylinux.org/wikka/privacy

I regularly make a complete prawn of myself. :oops:
More Java independence is coming with LibreOffice. I only needed it for 'Presentation' on the audio side. If you are just using the WP there is no need, and if you are doing general-purpose presentations, again, no need.

I hardly ever install Java in Puppy but in the future this may change.
I am beginning to believe we will have to be Android compatible in the future . . .

There are far more serious attacks coming from javascript (a different language) and rogue web sites. Do you visit pron sites, pirate bay or really dodgy destinations? . . . not even sure what those are . . . maybe 'bank hacking' for non legal criminality? Don't know.

You might have to start using a semi proxy to overcome internet restrictions by the UK gov and their freedom fighting cohorts
http://help.opera.com/Linux/10.63/en/turbo.html

Then you can join the party of your choice - ooh arrr!
http://en.wikipedia.org/wiki/Pirate_Party

Puppy Linux
Free at point of Access

Posted: Sat 14 Jul 2012, 08:08
by Barkin
Scroogle is mentioned on that page but is no more :¬(

Googlesharing is worth a try on Firefox if you want to do a Google search without being tracked (although it is probably just a matter of time before Google puts a stop to that too). Use SSL Google ... https://encrypted.google.com/ with Googlesharing, then the proxy doesn't know what you are Googling for either.

Posted: Sat 14 Jul 2012, 08:32
by Lobster
Thanks Barkin,

I was going to remove it but sometimes we need to know
that Google is partly geek hero and partly evil spookville.

Many thanks for update and now back to the cyber trojan wars

Posted: Sat 14 Jul 2012, 10:37
by disciple
Lobster wrote: I hardly ever install Java in Puppy but in the future this may change.
I am beginning to believe we will have to be Android compatible in the future . . .
Better look into installing Dalvik on Puppy then. Old fashioned Java won't help you.

Posted: Mon 16 Jul 2012, 22:27
by disciple
ICPUG wrote: Base might be used by quite a few people, certainly people here in the past have asked for a Database.
True, but I would be very surprised if the number of people using it would be anywhere near the number of people using spreadsheets. Although personally I think a lot more people should use databases. I'm an engineer, and we use spreadsheets all the time. But in most cases they are really the wrong tool for the job - we should be using either a database or a proper programming language/tool.