Linux vulnerability found in Web exploit
- 11 July, 2012 22:33
A hacked Colombian Transport website has been rigged to deliver a malware payload that is able to target Mac OS, Windows and even Linux systems, according to a report from F-Secure.
Users will see a certificate warning, telling them that the website is attempting to run a signed applet with an invalid signature. If that warning is bypassed, F-Secure says, the malware checks the victim's computer, and downloads different malicious files based on what operating system it detects.
Regardless of what OS is present, however, the malware's subsequent behavior is the same -- it downloads additional files from a remote server and creates a backdoor on an infected machine. Interestingly, the Mac OS version is a PowerPC binary, which means that Intel-based Macs are immune in most cases.
According to the researchers, the backdoor may have been created with a freely available penetration testing suite known as the Social-Engineer Toolkit.
The malware, which F-Secure has dubbed GetShell.A, is unusual in a couple of ways. First, attacks against Linux are relatively rare in and of themselves. While some experts say that this is due largely to the operating system's comparatively small user base -- at least, in terms of desktop users -- others argue that Linux is intrinsically more difficult to compromise than Mac OS and Windows. What's more, malware that targets multiple platforms at once is uncommon, though it does happen.
Nevertheless, CNET blogger Topher Kessler wrote that it's far from the most dangerous malware on the Web. He said that the backdoor is likely the brainchild of less technically gifted hackers, and noted that the aforementioned PowerPC oversight would dramatically limit the malware's effectiveness against Macs.
Email Jon Gold at jgold@nww.com and follow him on Twitter at @NWWJonGold.
Read more about wide area network in Network World's Wide Area Network section.





