Wednesday, 11 July 2012

Malware runs on OS X, Linux and Windows

Researchers at F-Secure discovered a backdoor-exploit program that can run on OS X, Windows, and Linux.

Always check certificates!
According to the F-Secure blog, the malware was found on a compromised Colombian transport company’s website. Visitors to the site would be prompted with a Java applet using a self-signed certificate. Fortunately, a warning appears on all platforms notifying users that the certificate is not from an official agency. Unfortunately, since most people have no idea what a certificate is, it matters very little.

After the user runs the applet, the program sniffs out the operating system and then downloads the appropriate content. For Mac users, the malware is written for PowerPC-based Macs and won’t run on anything using an Intel processor, so unless you’re rocking a retro Mac or Rosetta, you’re probably safe.

This malware figures out which OS you're running, then executes the proper code.
Overall, this malware is a pretty low threat, but it does serve as a great reminder to always check certificates and never assume that you’re safe just because you’re running Linux or OS X.

Update (7/13): Reports are out describing a new variant of this virus that can run on OS X Snow Leopard and Lion, even if Rosetta is not used -- so watch out!
