F-Secure Warns of New Multi-Platform Web Exploit

Share it on Twitter  
Share it on Facebook  
Share it on Linked in  

Researchers at F-Secure have uncovered a new Web-based attack that installs backdoors on Windows, Linux and Mac OS X computers.

"The attack was detected on a compromised website in Colombia, F-Secure senior analyst Karmina Aquino, said in a blog post on Monday," writes Computerworld's Lucian Constantin. "When users visit the site, they are prompted to run a Java applet that hasn't been signed by a trusted certificate authority. If allowed to run, the applet checks which operating system is running on the user's computer -- Windows, Mac OS X or Linux -- and drops a malicious binary file for the corresponding platform. The files are detected by F-Secure as 'Backdoor:OSX/GetShell.A,' 'Backdoor:Linux/GetShell.A' and 'Backdoor:W32/GetShell.A.'"

"The growing popularity of Macs has ushered in a rash of new malware attacks that target the platform, most notably the Flashback menace, which infected more than 650,000 machines," writes Ars Technica's Dan Goodin. "Reports of real-world attacks on the Linux operating system are less common, but they do happen, most notably those from last year that infected some of the top Linux developers. But single attacks that have the ability to infect any one of the three OSes are even more rare."

"While the Windows and Linux binaries that are downloaded will run on those platforms, the OS X version is a PowerPC binary so it will not run on any Intel-based Mac without Rosetta," writes CNET News' Topher Kessler. "While Apple included Rosetta in OS X Leopard, it is an optional download for Snow Leopard, and was removed entirely in Lion. Therefore, this malware will not run on systems with Lion or Snow Leopard without Rosetta. Mac security company Intego also notes that the malware was thrown together with readily available tools such as MetaSploit, which indicates the attack authors are not particularly technically savvy individuals."