McAfee discovered a strand of malware that utilizes a Java backdoor for botnet communications. Does such an attack...
By submitting your personal information, you agree that TechTarget and its partners may contact you regarding relevant content, products and special offers.
differ from executable files that have served as backdoors in the past? And how can enterprises go about detecting this attack?
Ask the Expert
Do you have an enterprise threat question for Nick Lewis? Submit it now via email! (All questions are anonymous.)
In order for malware to be easily controlled remotely, it must open a backdoor for communication. As McAfee notes in its blog post about the JV/BackDoor-FAZY malware, using a Java applet as the backdoor for botnet communication functionality is not exploiting a vulnerability in Java itself or even necessarily in the underlying operating system; it utilizes Java as an infection vector because Java is so common and used on multiple platforms. This specific malware first executes on the local system and then runs the Java applet with the Java Runtime Environment (JRE). This attack is unique because of the malware kit used and the potential for multi-platform attacks utilizing the "write once, exploit everywhere" nature of the JRE.
Enterprises can detect these types of attacks with antimalware software by monitoring the network for botnet communications or monitoring processes executed on the local system. Some antimalware vendors, like McAfee noted in its blog, have detection included for this malware.
Additionally, a network tool such as an intrusion prevention system, network-based malware-detection tool, firewall or NetFlow collector could identify the malware communication on the network by analyzing the network fingerprints or by detecting communication with known botnet controllers. This could be a matter of detecting any IP connection to a known botnet controller, or new outbound connections to a particular IP. While monitoring executed processes on local enterprise systems would require significant effort and might have a high false-positive rate, organizations that have a list of known good Java applets used by a tightly controlled JRE could detect unknown Java applets being executed by the JRE and therefore mitigate the risks of the malware.
Dig Deeper on Malware, Viruses, Trojans and Spyware
Related Q&A from Nick Lewis
An HTTPS session with a reused nonce is vulnerable to the Forbidden attack. Expert Nick Lewis explains how the attack works, and how to properly ...continue reading
The Irongate malware has been discovered to have similar functionality to Stuxnet. Expert Nick Lewis explains how enterprises can protect their ICS ...continue reading
APT groups have been continuously exploiting a flaw in Microsoft Office, despite it having been patched. Expert Nick Lewis explains how these attacks...continue reading
Have a question for an expert?
Please add a title for your question
Get answers from a TechTarget expert on whatever's puzzling you.