Multiplatform Java botnet spotted in the wild
Posted on 05.05.2011
Cross-platform malware is still a rare occurrence, so when it's detected, it usually attracts more attention than the malware engineered to affect only one particular platform.

A recent one, detected by McAfee and named IncognitoRAT, attacks both Windows and Mac OS users. So, how does it manage to do it?

"IncognitoRAT is one example of a Java-based Trojan discovered in the wild that is being downloaded and installed by another component. This malware behaves like other Windows botnets but uses source code and libraries that can operate on other platforms," explains McAfee's Carlos Castillo.

"The original propagation vector of IncognitoRAT is a Windows executable, but apparently it was created using the tool JarToExe, which includes, among other features, the ability to convert .jar files into .exe files, to add program icons and version information, and protect and encrypt Java programs.

Once the .jar file is converted, it is executed and downloads a number of Java-based libraries that allow the attacker to remotely control the keyboard and mouse of the affected computer, to play MP3 files and videos, to record images taken by the computer's webcam, and to send stolen information to a predefined email account.

A .jar component dropped by the downloader makes sure that the principal malware - which performs the actions mentioned above, and more - is executed. But the thing that really caught the researchers' attention is that the botnet created by these infected machines might be able to crash the machines and apparently show a curious message to the user:


"According to public information, this malicious code is available for Windows, Mac OS X, and iPhone/iPad (the last only to control infected computers)," remarks Castillo. "However, we’ve seen only the PC version in a downloader/dropper in the wild."
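The dropper described above is a Windows executable built from a .jar file. As an added example (not McAfee's code and not part of the original article), this Python triage check flags an executable that carries a readable Java archive. It assumes the wrapper appends the archive unencrypted, so a payload protected by the tool's encryption feature would not be found; the function names and sample bytes are constructed for illustration.

```python
import io
import zipfile

def embedded_jar_info(data: bytes):
    """Return details of a Java archive carried inside a Windows executable, or None."""
    # A PE file starts with the DOS magic "MZ"; anything else is out of scope here.
    if data[:2] != b"MZ":
        return None
    try:
        # zipfile locates the end-of-central-directory record from the tail of the
        # file and tolerates data prepended to the archive (here: the native stub).
        archive = zipfile.ZipFile(io.BytesIO(data))
    except zipfile.BadZipFile:
        return None  # no readable archive: plain executable, or an encrypted payload
    with archive:
        names = archive.namelist()
        classes = [n for n in names if n.endswith(".class")]
        main_class = None
        if "META-INF/MANIFEST.MF" in names:
            manifest = archive.read("META-INF/MANIFEST.MF").decode("utf-8", "replace")
            for line in manifest.splitlines():
                if line.lower().startswith("main-class:"):
                    main_class = line.split(":", 1)[1].strip()
    if not classes and main_class is None:
        return None  # a ZIP, but nothing that marks it as Java
    return {"class_count": len(classes), "main_class": main_class, "entries": names}

def build_sample(wrapped: bool) -> bytes:
    """Constructed test input: a fake stub, optionally followed by a tiny in-memory jar."""
    stub = b"MZ" + b"\x00" * 510  # stands in for the native launcher, not a real PE
    if not wrapped:
        return stub
    jar = io.BytesIO()
    with zipfile.ZipFile(jar, "w") as z:
        z.writestr("META-INF/MANIFEST.MF", "Manifest-Version: 1.0\nMain-Class: demo.Main\n")
        z.writestr("demo/Main.class", b"\xca\xfe\xba\xbe" + b"\x00" * 16)
    return stub + jar.getvalue()

if __name__ == "__main__":
    for label, wrapped in (("wrapped", True), ("plain", False)):
        print(label, embedded_jar_info(build_sample(wrapped)))
```

A hit only means the file needs a closer look, since legitimate Java applications are also shipped as wrapped executables.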






Copyright 1998-2014 by Help Net Security.