Botnet Malware Found Contaminating Linux, Mac OS X and Windows Systems, Reports Kaspersky
Penetration testing experts at Kaspersky recently discovered botnet malware designed to infect computers running Windows, Linux or Mac OS X, provided the devices also run Oracle's Java software.
Kaspersky named this cross-platform malicious program 'HEUR:Backdoor.Java.Agent.a'. The program primarily exploits CVE-2013-2465 when attacking the computer. The security flaw exists in Java u21 as well as its earlier versions.
To work, the bot first infects the PC and copies itself into the 'autostart' folders to make sure it becomes active whenever the system starts. Subsequently, the PC connects to an online chat channel, which then works as the central command-and-control server to issue instructions.
Kaspersky explains that once the bot has been installed and executed at system boot, the malware informs its owners. So that each bot can be identified, a distinct bot identifier is generated on every host computer. This identifier is stored in a jsuid.dat file within the end-user's home directory, says Kaspersky. Theinquirer.net published this on February 4, 2014.
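A defender's sweep for the jsuid.dat indicator described above, as an added example that is not Kaspersky's or the article's own code. The profile root directories and the function names are assumptions, and a hit is a lead for triage rather than proof of infection.

```python
from datetime import datetime, timezone
from pathlib import Path

INDICATOR = "jsuid.dat"  # file name reported in the article

# Assumption: usual parent directories of user profiles on Linux, Mac OS X, Windows.
DEFAULT_ROOTS = ("/home", "/Users", "C:/Users")


def list_homes(roots=DEFAULT_ROOTS):
    """Return every directory directly under the given profile roots."""
    homes = []
    for root in map(Path, roots):
        try:
            homes.extend(p for p in root.iterdir() if p.is_dir())
        except OSError:
            continue  # root absent on this OS, or not readable
    return homes


def find_bot_id_files(homes, indicator=INDICATOR):
    """Report indicator files sitting at the top level of each home directory."""
    hits = []
    for home in homes:
        candidate = Path(home) / indicator
        try:
            if not candidate.is_file():
                continue
            st = candidate.stat()
        except OSError:
            continue  # unreadable profile: needs a privileged re-run
        hits.append({
            "path": str(candidate),
            "size": st.st_size,
            "modified_utc": datetime.fromtimestamp(st.st_mtime, timezone.utc).isoformat(),
        })
    return hits


if __name__ == "__main__":
    # Include the current user and root, which may live outside the roots above.
    homes = list_homes() + [Path.home(), Path("/root")]
    for hit in find_bot_id_files({str(h): h for h in homes}.values()):
        print(f"{hit['path']}  {hit['size']} bytes  last written {hit['modified_utc']}")
```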
It may be mentioned that the attackers use the botnet to carry out distributed denial-of-service (DDoS) attacks against devices they choose to target. They transmit instructions over the Internet Relay Chat (IRC) platform, which lets them specify which Internet Protocol (IP) address and port number should be targeted, along with the duration and intensity of the attacks.
The malware is written entirely in Java, so it can run on Linux, Mac OS X and Windows systems. To achieve greater flexibility, the botnet malware includes PircBot, a Java-based Internet Relay Chat programming interface.
Kaspersky notes that the malware is made harder to detect and examine through the use of an obfuscator named Zelix Klassmaster.
This obfuscator, besides masking bytecode, encrypts strings. A separate key is generated for every one of the classes, implying that the strings in the software can be decrypted only after analyzing each class for its decryption key, says Kaspersky. Efytimes.com published this on February 4, 2014.
» SPAMfighter News - 10-02-2014