Researchers at F-Secure discovered a backdoor-exploit
program that can run on OS X, Windows, and Linux.
Always check certificates!
According to the F-Secure blog, the malware was found on a
compromised Colombian transport company’s website. Visitors to the site would
be prompted with a Java applet using a self-signed certificate. Fortunately, a
warning appears on all platforms notifying users that the certificate was not
issued by a trusted certificate authority. Unfortunately, since most people have no idea what a
certificate is, it matters very little.
After the user runs the applet, the program sniffs out the
operating system and then downloads the appropriate content. For Mac users, the
malware is written for PowerPC-based Macs and won’t run on anything using an
Intel processor, so unless you’re rocking a retro Mac or Rosetta, you’re
probably safe.
This malware figures out which OS you're running, then executes the proper code.
Overall, this malware is a pretty low threat, but it does serve
as a great reminder to always check certificates and never assume that you’re
safe just because you’re running Linux or OS X.
Update (7/13): Reports are out describing a new variant of this virus that can run on OS X Snow Leopard and Lion, even if Rosetta is not used -- so watch out!