Sophos Cloud Optix
Most of the malware that we analyse inside SophosLabs targets Windows users.
And that makes sense for the cybercriminals – after all, more people are using Windows as their desktop operating system than any other platform.
But if malicious hackers want to go the extra mile, and maximise their chances of infecting more people’s computers, they might well try to develop a multi-platform attack.
Yesterday, our friends at F-Secure discovered malware on a compromised Colombian transport website that was capable of infecting Windows, Mac and Linux users.
Visiting a hacked webpage, triggers a JAR (Java Archive) file which will ask permission to do its business – secretly determining if you are running Windows, Mac OS X or Linux.
Once it has found out which operating system you are running, the Java class file will download the appropriate flavour of malware, with the intention of opening a backdoor that will give hackers remote access to your computer.
Sophos products detect the various components of the attack as Troj/JavaDl-NJ, Mal/Krap-D, OSX/Dloadr-DPG and Linux/Dldr-GV.
This isn’t, of course, the first cross-platform malware that we have seen. For instance, in 2010 we saw the Boonana malware which similarly used a malicious Java applet to deliver a cross-platform attack that attempts to download further malware on Windows, Unix and Mac OS X.
And earlier this year we saw a Python-based malware attack against both Macs and Windows PCs. Not to mention the numerous fake anti-virus attacks which have been created to infect the computers of Windows and Mac users alike.
Although the amount of malware written for different operating systems can vary, it’s becoming increasingly hard to argue on any OS that it’s safe to surf the web without anti-virus protection.
Isn't that the mantra of Java – write once, infect anywhere? :o)
That pretty much says it all.
Hmph! About time there's some equal oppertunity malware.
Disable Java in your browser… Simple… No?
It can help although that is only a short term solution. By doing so you limit your potential on the Web. However it does offer a good temporary problem fixing whilst eliminating the threat.
Another sophos scaremonger ! You are not safe from any OS get sophos installed !
a user has to be prompted with a confirmation before this can happen..so what
It was only a matter of time until more multiplatform malware came
The article is neutral and deals with facts only.
He acknowledges F-Secure as the product that originally identified the threat.
This hardly seems like a scaremongering exercise by Sophos.
Furthermore my computer has never been infected by another OS, only viruses, intruders, spyware, trojans & adware.
I would prefer being told about the threats so I can protect my computer in whatever way I choose.
As a long time Linux user I have always maintained that Linux is just as prone to infestation as any other OS. Right now it is a very small target, that's all.
The "Linux is simply too trifling a target to bother attacking" was debunked a long time ago. See here:
http://www.theregister.co.uk/2004/10/22/security_…
It's surprising that you, "as a long time Linux user," don't seem to understand that the differences in the security model between Linux and Windows. I guess this is not surprising since you claim your own computer has never been infected by another "OS," but has been infected by viruses, intruders, spyware, trojans, and adware. I suspect your comment is nothing but FUD (Fear, Uncertainty and Doubt), because if it's true "as a long time Linux user" you should have learned not to use the root account for daily activity a long time ago, and in fact almost every distribution prevents you from doing this unless you do it purposefully.
The article also does not explain how the malware gains escalated privileges to write to protected areas of the system. On Windows this is usually just a matter of the desktop user already being an administrator. Good article anyway Graham, but would appreciate more details.
It is based on Java and downloads the appropriate malware for each platform.