I've read more recently about Java-based malware that can infect any computer -- Mac, Windows or Linux -- that is running Java. How does it work? Is it possible to limit the risk this malware poses while keeping Java installed?
The first priority of most malware authors is to make as much money as possible from their attacks without getting caught, and the number of computers they can target correlates directly with how much they can make. An attack that works regardless of the operating system, whether Windows, Linux or Mac, reaches the widest possible base. Because Java, much like Adobe Flash or Reader, runs on all of these platforms, a single Java payload can potentially attack any or all of them. That is the "write once, run anywhere" idea applied to malware: the author gets support for additional operating systems essentially for free wherever the Java Runtime Environment (JRE) is installed. It is another sign that malware authors are adopting professional software development practices.
Kaspersky Lab published an analysis of a new multi-platform, Java-based bot that it detects as HEUR:Backdoor.Java.Agent.a. At present it has only distributed denial-of-service (DDoS) capabilities, but that may simply be the starting point for an author who intends to expand it into a more comprehensive attack tool.
The malware exploits a vulnerability in the JRE, CVE-2013-2465, to escape the Java sandbox and run code directly on the local system. It then copies itself to the autorun location for Windows, Mac or Linux so that it is started again whenever the system reboots. The current version uses IRC for command and control, which can be blocked at the network level, but future versions could switch to a more elaborate C&C channel that is not so easy to block. The best ways to limit this risk are to ensure that locally logged-in users do not run as administrators and to keep the JRE up to date. Running as a non-admin does not stop the sandbox escape itself, but it limits what the bot can do afterward: it can persist only in that user's own autorun location rather than system-wide, and getting administrative rights would require exploiting a second vulnerability in some other installed software. Keeping the JRE current removes the CVE-2013-2465 entry point altogether; Oracle shipped the fix in mid-2013, so any JRE that predates it is still exposed. Two further checks are worth making: the Java sandbox is what constrains untrusted code such as applets, so disabling the Java browser plug-in on machines that do not need it cuts off the most common delivery path for sandbox-escape exploits while leaving Java installed for local applications, and blocking outbound IRC at the egress firewall (by protocol, not just port 6667) disrupts this bot's C&C even if the controller listens on a non-standard port.
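The following triage script is an added example and not code from the page or from Kaspersky Lab. It checks the three things the answer turns on: whether the installed JRE still carries the CVE-2013-2465 sandbox escape, whether a per-user autorun entry on Windows, Mac or Linux launches a .jar, and whether a captured TCP payload is an IRC handshake rather than relying on port 6667. The fix threshold (Java SE 7 Update 25, from Oracle's June 2013 Critical Patch Update) is taken from Oracle's advisory, not from the page; the autorun entries and payloads are constructed samples, and the "jupdate" names are hypothetical.

```python
"""Host- and network-side triage for a cross-platform Java bot.

Added example, not code from the page or from Kaspersky Lab.  Sample
autorun entries and payloads are constructed; "jupdate" is a made-up name.
"""
import re

# Assumption taken from Oracle's June 2013 Critical Patch Update, not from
# the page: Java SE 7 Update 25 is the first public 7 build fixing
# CVE-2013-2465.  Java 5 and 6 had already left public support, so every
# public build of those families is treated as affected.
FIXED_JAVA7_UPDATE = 25


def parse_java_version(text):
    """Extract (family, update) from the first line of `java -version`.

    Handles the legacy scheme "1.7.0_21" (family 7, update 21) and the
    Java 9+ scheme "11.0.2" (family 11, security update 2).  Returns None
    when no version number is present.
    """
    quoted = re.search(r'"([^"]+)"', text)
    token = quoted.group(1) if quoted else text.strip()
    nums = [int(n) for n in re.findall(r"\d+", token)]
    if not nums:
        return None
    if nums[0] == 1 and len(nums) >= 2:                  # 1.<family>.0_<update>
        return nums[1], (nums[3] if len(nums) >= 4 else 0)
    return nums[0], (nums[2] if len(nums) >= 3 else 0)   # <family>.<minor>.<update>


def jre_affected_by_cve_2013_2465(version_text):
    """True when the reported JRE version still carries CVE-2013-2465."""
    parsed = parse_java_version(version_text)
    if parsed is None:
        raise ValueError("no Java version in %r" % version_text)
    family, update = parsed
    if family >= 8:                 # Java 8 shipped after the fix
        return False
    if family == 7:
        return update < FIXED_JAVA7_UPDATE
    return True                     # Java 5/6: no public fixed build


# A command is suspicious if it runs the java/javaw launcher or names a .jar.
_JAVA_LAUNCHER = re.compile(r'(?:^|[\\/\s"])javaw?(?:\.exe)?(?=["\s]|$)', re.IGNORECASE)
_JAR_ARGUMENT = re.compile(r'\.jar(?=["\s]|$)', re.IGNORECASE)


def flag_java_autoruns(entries):
    """Return the autorun entries whose command launches the JRE or a .jar.

    `entries` are dicts with "platform", "location" and "command", collected
    from the Run key, ~/Library/LaunchAgents or ~/.config/autostart by
    whatever inventory tooling is already in place.
    """
    return [e for e in entries
            if _JAVA_LAUNCHER.search(e["command"]) or _JAR_ARGUMENT.search(e["command"])]


_IRC_VERB = re.compile(r"^(NICK|USER|JOIN|PRIVMSG|PING|PONG|MODE) ", re.MULTILINE)


def looks_like_irc(payload):
    """True when a TCP payload carries an IRC client conversation.

    Matching protocol verbs instead of port 6667 catches the bot's C&C
    even when the controller listens on a non-standard port.
    """
    text = payload.decode("latin-1") if isinstance(payload, bytes) else payload
    return len({m.group(1) for m in _IRC_VERB.finditer(text)}) >= 2


# Constructed samples: one Java-launching autorun per platform, two benign
# entries, and an IRC handshake beside an HTTP request for comparison.
SAMPLE_AUTORUNS = [
    {"platform": "windows",
     "location": r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run\jupdate",
     "command": r'"C:\Program Files\Java\jre7\bin\javaw.exe" -jar "C:\Users\alice\AppData\Roaming\jupdate.jar"'},
    {"platform": "windows",
     "location": r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run\OneDrive",
     "command": r'"C:\Users\alice\AppData\Local\Microsoft\OneDrive\OneDrive.exe" /background'},
    {"platform": "macos",
     "location": "~/Library/LaunchAgents/com.jupdate.plist",
     "command": "/usr/bin/java -jar /Users/alice/Library/.jupdate.jar"},
    {"platform": "linux",
     "location": "~/.config/autostart/jupdate.desktop",
     "command": "java -jar /home/alice/.local/share/.jupdate.jar"},
    {"platform": "linux",
     "location": "~/.config/autostart/nm-applet.desktop",
     "command": "nm-applet"},
]
SAMPLE_IRC = b"NICK bot4f2a\r\nUSER bot4f2a 0 * :bot4f2a\r\nJOIN #chan\r\n"
SAMPLE_HTTP = b"GET / HTTP/1.1\r\nHost: example.com\r\n\r\n"

if __name__ == "__main__":
    print("1.7.0_21 affected:", jre_affected_by_cve_2013_2465('java version "1.7.0_21"'))
    for hit in flag_java_autoruns(SAMPLE_AUTORUNS):
        print("java autorun on %s: %s" % (hit["platform"], hit["location"]))
    print("IRC payload:", looks_like_irc(SAMPLE_IRC), "HTTP payload:", looks_like_irc(SAMPLE_HTTP))
```

Feed `parse_java_version` the first line of `java -version` from each host (it is printed to stderr), and feed `flag_java_autoruns` the per-user autorun locations first, since a bot running without admin rights can only persist there. A legitimate Java application in an autorun entry will also be flagged; the point is to get a short list to review, not a verdict.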
Ask the Expert!
Want to ask Nick Lewis a question about enterprise threats? Submit your questions now via email! (All questions are anonymous.)