McAfee discovered a strain of malware that utilizes a Java backdoor for botnet communications. Does such an attack differ from executable files that have served as backdoors in the past? And how can enterprises go about detecting this attack?
Ask the Expert
For malware to be controlled remotely, it must open a backdoor through which it can receive commands and send data. As McAfee notes in its blog post about the JV/BackDoor-FAZY malware, using a Java program as that backdoor does not exploit a vulnerability in Java itself, or even necessarily one in the underlying operating system; the malware uses Java as a portable runtime for the backdoor because the Java Runtime Environment (JRE) is so widely installed and runs on multiple platforms. This specific malware first executes on the local system and then launches its Java component with the JRE. The attack is notable because of the malware kit used and because the "write once, exploit everywhere" nature of the JRE lets the same backdoor code be reused across platforms rather than being rebuilt as a native executable for each one.
Enterprises can detect this class of attack in three ways: with antimalware software on the endpoint, by monitoring the network for botnet command-and-control traffic, or by monitoring the processes executed on the local system. Some antimalware vendors already have detection for this specific malware; McAfee noted in its blog that its products identify it.
Additionally, a network tool such as an intrusion prevention system, a network-based malware-detection tool, a firewall or a NetFlow collector could identify the malware's traffic, either by matching its traffic signatures or by detecting communication with known botnet controllers. In practice this means alerting on any connection to a known controller address, or on outbound connections from an internal host to an external address it has never contacted before; the first check depends on an indicator list that goes stale as controllers move, so the second is the more durable of the two. Monitoring executed processes on enterprise systems requires significant effort and can have a high false-positive rate, but an organization that maintains a list of known-good Java programs and runs a tightly controlled JRE could detect unknown Java code being launched by the JRE and thereby mitigate the risk from this malware. The allowlist should key on the hash of the program rather than its path, since malware can drop its Java component under any file name it likes.
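The two host- and network-side checks above, written out as an added example. This is illustrative code, not Nick Lewis's or McAfee's, and it assumes its own inputs: a handful of constructed NetFlow-style records, two documentation-range addresses standing in for a known-controller list, a small in-memory dictionary standing in for files on disk, and a SHA-256 allowlist of approved Java programs. The network check learns which external destinations a host normally talks to during a baseline window, then flags connections to a listed controller or to a never-seen external address; the process check pulls the `-jar` argument out of a Java command line and compares the file's hash to the allowlist.

```python
import hashlib
import ipaddress
import shlex

# Constructed "known botnet controller" indicators (RFC 5737 documentation
# addresses, not real infrastructure). Such lists go stale; see the baseline check.
KNOWN_C2 = {"203.0.113.10", "198.51.100.7"}

# The organization's own address space; destinations inside it are ignored.
INTERNAL_NETS = [ipaddress.ip_network(n) for n in
                 ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8")]

# Constructed NetFlow-style records: (epoch_seconds, src_ip, dst_ip, dst_port, proto).
FLOWS = [
    (1000, "10.0.0.5", "10.0.0.1", 53, "udp"),        # internal DNS, ignored
    (1010, "10.0.0.5", "192.0.2.20", 443, "tcp"),     # normal external service
    (1020, "10.0.0.7", "192.0.2.20", 443, "tcp"),
    (5000, "10.0.0.5", "192.0.2.20", 443, "tcp"),     # same service later, benign
    (5010, "10.0.0.5", "203.0.113.10", 8080, "tcp"),  # listed controller
    (5020, "10.0.0.9", "198.18.0.44", 4444, "tcp"),   # external host never seen before
]


def is_internal(ip):
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in INTERNAL_NETS)


def baseline_destinations(flows, until_ts):
    """External destinations observed during the learning window (before until_ts)."""
    return {dst for ts, _src, dst, _port, _proto in flows
            if ts < until_ts and not is_internal(dst)}


def flag_flows(flows, known_c2, baseline, since_ts):
    """Return (reason, record) for each suspicious outbound flow at or after since_ts."""
    alerts = []
    for rec in flows:
        ts, _src, dst, _port, _proto = rec
        if ts < since_ts or is_internal(dst):
            continue
        if dst in known_c2:
            alerts.append(("known-c2", rec))
        elif dst not in baseline:
            alerts.append(("new-external-destination", rec))
    return alerts


# Constructed stand-in for the filesystem: path -> file contents.
FILES = {
    "/opt/corp/inventory.jar": b"PK\x03\x04 constructed approved jar",
    "/tmp/.cache/upd.jar": b"PK\x03\x04 constructed unknown jar",
}


def sha256_of(data):
    return hashlib.sha256(data).hexdigest()


# Allowlist keyed on content hash, not path, so a renamed or relocated jar still matches
# only if its bytes are the approved ones.
APPROVED_JARS = {sha256_of(FILES["/opt/corp/inventory.jar"])}


def jar_from_cmdline(cmdline):
    """Return the path given with -jar when cmdline launches the JRE, else None."""
    argv = shlex.split(cmdline)          # POSIX quoting rules (assumed here)
    if not argv or not argv[0].rsplit("/", 1)[-1].startswith("java"):
        return None                      # matches java, javaw, java.exe, ...
    for i, arg in enumerate(argv[:-1]):
        if arg == "-jar":
            return argv[i + 1]
    return None


def check_java_exec(cmdline, files=FILES, approved=APPROVED_JARS):
    """Classify a process launch: approved, unknown-jar, jar-missing or not-a-jar-launch."""
    jar = jar_from_cmdline(cmdline)
    if jar is None:
        return "not-a-jar-launch"
    data = files.get(jar)
    if data is None:
        return "jar-missing"
    return "approved" if sha256_of(data) in approved else "unknown-jar"


if __name__ == "__main__":
    learned = baseline_destinations(FLOWS, until_ts=2000)
    for reason, rec in flag_flows(FLOWS, KNOWN_C2, learned, since_ts=2000):
        print(f"ALERT {reason}: {rec[1]} -> {rec[2]}:{rec[3]}/{rec[4]}")
    for cmd in ("/usr/bin/java -Xmx512m -jar /opt/corp/inventory.jar",
                "java -jar /tmp/.cache/upd.jar",
                "java -cp /opt/app com.example.Main"):
        print(f"{check_java_exec(cmd):20} {cmd}")
```

The baseline check deliberately ignores the controller list for the last record: the destination is not on any list, but the host has never contacted it, which is exactly the signal a fresh controller address produces. The process check only handles `-jar` launches; a backdoor started with `-cp` and a class name would need the classpath entries hashed the same way.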