Java Bot, a cross-platform malware capable of running on Windows, Mac and Linux

Security researchers at Kaspersky has came across a cross-platform malware which is capable of running on Windows, Mac and Linux.

The malware is completely written in Java. Even the exploit used for delivering the malware is also well-known Java exploit(CVE-2013-2465) which makes the campaign completely cross-platform.

Once the bot has infected a system, it copies itself into user's home directory as well as add itself to the autostart programs list to ensure it gets executed whenever user reboots the system.

Once the configuration is done, the malware generates an unique identifier and informs its master. Cyber criminals later communicates with this bot through IRC protocol.

The main purpose of this bot is appeared to be participate in Distributed-denial-of-service(DDOS) attacks. Attacker can instruct the bot to attack a specific address and specify a duration for the attack.

The malware uses few techniques to make the malware analysis and detection more difficult. It uses the Zelix Klassmaster obfuscator. This obfuscator not only obfuscate the byte code but also encrypts string constants.

All machines running Java 7 update 21 and earlier versions are likely to be vulnerable to this attack.

Comments

HC WeB : A Browser for HACKERS...

A Browser for HACKERS... Try for Free... Download HC WeB Setup Gallery: Online Penetration Testing Tools Index Information Gathering Whois DNS Location Info Enumeration and Fingerprint Data Mining Search Engines Editors Online Text Editors Share Text Snippets Network Utilities Ping HTTP HTTPS VNC Remote Desktop SSH DNS Sniffers Misc Forensics Frameworks URL Cloaking E-mail Password Cracking Encoders and Decoders Encoders Decoders Malwares Malware Analysis Identify Malicious Websites Suspected Malicious IPs and URLs Application Auditing SQL Injection Cross Site Scripting File Inclusion Anonymity Proxy Others Hackery Open Penetration Testing Bookmarks Collection Hacker Media Blogs, Forums, Magazines and Videos. Methodologies Penetration testing frameworks, standards and methodologies. OSINT Presentations, People, Organizations and Infrastructure. Exploits an...

OpenBSD Project survived after $20,000 Donation from Romanian Bitcoin Billionaire

Last year in the month of December the Security-focused Unix-like distribution ' OpenBSD ' Foundation announced that it was facing shut down due to lack of funds to pay their electricity bills and dedicated Internet line costs. Theo de Raadt , the founder of the OpenBSD project, and Bob Beck (Developer) announced : " In light of shrinking funding, we do need to look for a source to cover project expenses. If need be the OpenBSD Foundation can be involved in receiving donations to cover project electrical costs. But the fact is right now, OpenBSD will shut down if we do not have the funding to keep the lights on. " Just after a month, a Bitcoin billionaire from Romania has stepped in and sorted OpenBSD out! Mircea Popescu , the creator of the MPEx Bitcoin stock exchange has offered $20,000 donations to the OpenBSD Foundation and saved the existence of OpenBSD development from being stopped. Like each o...

Microsoft remotely deleted Tor-based 'Sefnit Botnet' from more than 2 Million Systems

In October 2013, Microsoft adopted a silent, offensive method to tackle infection due to a Tor-based botnet malware called ' Sefnit '. In an effort to takedown of the Sefnit botnet to protect windows users, Microsoft r emotely removes the older versions of installed Tor Browser software and infection from 2 Million systems, even without the knowledge of the system's owner. Last year in August, after Snowden revelations about the National Security Agency's ( NSA ) Spying programs, the Internet users were under fear of being spied. During the same time Tor Project leaders noticed almost 600% increase in the number of users over the anonymizing networks of Tor i.e. More than 600,000 users join Tor within few weeks. In September, researchers identified the major reason of increased Tor users i.e. A Tor-based botnet called ' Sefnit malware ', which was infecting millions of computers for click fraud and bitcoin ...

Hacking Concepts

Search This Blog