I've read more recently about Java-based malware that can infect any computer -- Mac, Windows or Linux -- that...
is running Java. How does it work? Is it possible to limit the risk this malware poses while keeping Java installed?
The first priority of most malware authors is to make the most money possible from their attacks without getting caught. Being able to target as many computers as possible has a direct correlation with the money the attacker is able to make. Performing an attack on a computer regardless of its OS, be it Windows, Linux or Mac, will help attackers target the widest base possible. Because Java, much like Adobe Flash or Reader, can run on all of these platforms, it could potentially be used to attack any or all of them. This is part of the "write once, run anywhere" concept in which developers can easily add support for additional operating systems as long as the Java Runtime Environment (JRE) is available. This further demonstrates that malware authors are adopting professional software development practices.
Kaspersky Lab wrote a blog post about a new variant of malware it analyzed -- HEUR:Backdoor.Java.Agent.a -- that is a multi-platform Java-based malware. While it currently only has distributed denial-of-service capabilities, this could be seen as a sign that the author is using it to expand into a more comprehensive attack.
The malware exploits a vulnerability in the JRE CVE-2013-2465 to escape the Java sandbox and execute the code on the local system. The malware then copies itself to the autorun location for Windows, Mac or Linux so it will restart when the system reboots. While the malware currently uses IRC for the command and control (which can be blocked at the network level), future versions of the malware could include a more elaborate C&C that is not so easy to block. The best ways to limit this risk is by ensuring that locally logged in users are not logged in as administrators and by keeping the JRE up to date. By not logging in as an admin, it is more difficult for an attacker to gain admin access without exploiting a vulnerability in an installed piece of software (like the JRE). Keeping the JRE up to date will minimize the chances of an exploit gaining administrative access.
Ask the Expert!
Want to ask Nick Lewis a question about enterprise threats? Submit your questions now via email! (All questions are anonymous.)
Dig Deeper on Malware, Viruses, Trojans and Spyware
Related Q&A from Nick Lewis
MedSec and Muddy Waters Capital revealed serious flaws in IoT medical devices manufactured by St. Jude Medical. Expert Nick Lewis explains the ...continue reading
RIPPER malware has been found responsible for the theft of $378,000 from ATMs in Thailand. Expert Nick Lewis explains how this ATM malware works.continue reading
Researchers found that facial recognition systems can be bypassed with 3D models. Expert Nick Lewis explains how these spoofing attacks work and what...continue reading
Have a question for an expert?
Please add a title for your question
Get answers from a TechTarget expert on whatever's puzzling you.