I've read more recently about Java-based malware that can infect any computer -- Mac, Windows or Linux -- that...
By submitting your personal information, you agree that TechTarget and its partners may contact you regarding relevant content, products and special offers.
is running Java. How does it work? Is it possible to limit the risk this malware poses while keeping Java installed?
The first priority of most malware authors is to make the most money possible from their attacks without getting caught. Being able to target as many computers as possible has a direct correlation with the money the attacker is able to make. Performing an attack on a computer regardless of its OS, be it Windows, Linux or Mac, will help attackers target the widest base possible. Because Java, much like Adobe Flash or Reader, can run on all of these platforms, it could potentially be used to attack any or all of them. This is part of the "write once, run anywhere" concept in which developers can easily add support for additional operating systems as long as the Java Runtime Environment (JRE) is available. This further demonstrates that malware authors are adopting professional software development practices.
Kaspersky Lab wrote a blog post about a new variant of malware it analyzed -- HEUR:Backdoor.Java.Agent.a -- that is a multi-platform Java-based malware. While it currently only has distributed denial-of-service capabilities, this could be seen as a sign that the author is using it to expand into a more comprehensive attack.
The malware exploits a vulnerability in the JRE CVE-2013-2465 to escape the Java sandbox and execute the code on the local system. The malware then copies itself to the autorun location for Windows, Mac or Linux so it will restart when the system reboots. While the malware currently uses IRC for the command and control (which can be blocked at the network level), future versions of the malware could include a more elaborate C&C that is not so easy to block. The best ways to limit this risk is by ensuring that locally logged in users are not logged in as administrators and by keeping the JRE up to date. By not logging in as an admin, it is more difficult for an attacker to gain admin access without exploiting a vulnerability in an installed piece of software (like the JRE). Keeping the JRE up to date will minimize the chances of an exploit gaining administrative access.
Ask the Expert!
Want to ask Nick Lewis a question about enterprise threats? Submit your questions now via email! (All questions are anonymous.)
Dig Deeper on Malware, Viruses, Trojans and Spyware
Related Q&A from Nick Lewis
An HTTPS session with a reused nonce is vulnerable to the Forbidden attack. Expert Nick Lewis explains how the attack works, and how to properly ...continue reading
The Irongate malware has been discovered to have similar functionality to Stuxnet. Expert Nick Lewis explains how enterprises can protect their ICS ...continue reading
APT groups have been continuously exploiting a flaw in Microsoft Office, despite it having been patched. Expert Nick Lewis explains how these attacks...continue reading
Have a question for an expert?
Please add a title for your question
Get answers from a TechTarget expert on whatever's puzzling you.