
Multiplatform Java Botnet Spotted In the Wild 203

Posted by timothy
from the semi-equal-opportunity dept.
It's fun sometimes to be smug because you are ("one is") using an operating system less susceptible to malware, or at least less targeted by malware creators, than is Microsoft Windows. Now, reader Orome1 writes with word of a Java-based, equal-opportunity botnet Trojan, excerpting from Help Net Security's report: "'IncognitoRAT is one example of a Java-based Trojan discovered in the wild that is being downloaded and installed by another component. This malware behaves like other Windows botnets but uses source code and libraries that can operate on other platforms,' explains McAfee's Carlos Castillo." So far, no mention of a Linux version, though.
  • by l0ungeb0y (442022) on Thursday May 05, 2011 @08:25PM (#36043200) Homepage Journal

    AFAIK, any OS that allows a user to install software is susceptible to malware.
    Anyone smugly thinking they aren't is an idiot.

    Wake me up when a worm has been discovered in the wild targeting OS X or Linux

  • Re:um.... (Score:5, Insightful)

    by John Hasler (414242) on Thursday May 05, 2011 @08:47PM (#36043378) Homepage

    ...but uses source code and libraries that can operate on other platforms,

    Read that again. Source code.

    Also from the article:

    The original propagation vector of IncognitoRAT is a Windows executable, but apparently it was created using the tool JarToExe, which includes, among other features, the ability to convert .jar files into .exe files,...

    In other words, it may be source compatible with Linux but there is no Linux binary in the wild. The jar files might run on Linux but the key component needed to download and install it is a Windows binary.

  • Re:um.... (Score:5, Insightful)

    by jd2112 (1535857) on Thursday May 05, 2011 @08:58PM (#36043470)
    So typical. Program is written in Java but packaged so it is Windows only, defeating the main purpose of using Java in the first place.
  • Re:Significance (Score:0, Insightful)

    by Anonymous Coward on Thursday May 05, 2011 @09:11PM (#36043548)

    If you don't know Linux then your opinion doesn't really matter.

    I am pretty sure every Linux user here has used Linux AND windows and therefore has the ability to make a direct comparison from a purely user perspective.

    If you want your opinion to count for something in cases like this then download Virtualbox and install a Linux VM so that you can experience the differences for yourself.

  • by jc42 (318812) on Thursday May 05, 2011 @10:22PM (#36043896) Homepage Journal

    It is funny how the "They don't attack X because it's not popular" meme keeps popping up, no matter how often people show how wrong it is.

    My favorite approach for debunking it is to point out that apache has been the overwhelmingly dominant web server since 1996 (according to Netcraft), and web servers are one of the most inviting targets that the computer business has to offer. But how many actual exploits have ever appeared for apache? When was the last story of a worm, virus, whatever making the rounds by taking advantage of a security hole in apache? (There have been a few security holes in releases of apache, but they tend to be fixed before an exploit appears, due to the "many eyes" that are always looking at apache's code, usually for other reasons. As such things go, it's a very approachable piece of software.)

    Of course, there are lots of other chunks of software that serve equally well for debunking this meme. Just recently, I ran across yet another survey that once again made the old estimate that over 50% of the world's cpu cycles are spent running one venerable chunk of code, the Simplex Algorithm. Has that code ever been a vector for malware? You'd think it would be, since manufacturing plants everywhere in the world totally depend on it for their profitability. But I doubt if you'd find very many malware authors who would even recognize its name, much less tell you what it does.

    I guess it's the old problem that things like religion, politics, and apparently computer security issues don't encourage people to look at the actual facts. It's totally acceptable to just make up a theory and use it to explain everything, without bothering with even the simplest of tests against reality.

    (And I do like to try to debunk the claim that the Simplex Algorithm is the main user of cpu cycles by countering that the actual winner in that ranking is the Idle Loop. But people look at me funny when I say that. ;-)

  • Re:um.... (Score:3, Insightful)

    by hairyfeet (841228) <bassbeast1968 AT gmail DOT com> on Thursday May 05, 2011 @10:45PM (#36043996) Journal

    You mean "Windows excels in that part of the attack vector a decade ago", FTFY. Seriously, people, Vista has been out nearly FIVE years, Windows 7 now for TWO years; did the DOS jokes continue into 2005?

    So the moral of the story little childrens is this: stop running decade old shite and if you ARE gonna run decade old shite have a fricking brain about it and run a decent free AV (I'd recommend either Avast or Comodo as both have default sandboxing) along with not running every damned bit of code found in the backwoods of the Internet offering you free titties or money from a Nigerian prince. Is that REALLY so hard?

    As for TFA, count the days Linux guys, count the days. You already have the malware kit for OSX, and all those Android phones mean malware writers finally have a reason to start snooping around. All those noobs you got on Ubuntu sure would be a nice little addition to their botnets, wouldn't they? Count the days Linux guys, count the days until your DOOM!

  • Re:Significance (Score:4, Insightful)

    by clang_jangle (975789) on Friday May 06, 2011 @04:42AM (#36045274) Journal
    I think my original point stands though. If it's so easy to compromise Linux, why isn't it being done? Why can't the very people who like to crow about how easy it is (and even hurl accusations of "security through obscurity") just put up or shut up?

    I think we both know the answer to that. The PEBKAC is still there for the average user, no matter which system they use. But in Linux the system isn't designed to make it trivial to run any code from any location, as Windows historically has been -- it's a bit better with 7 than it was previously, and XP SP3 is also a major improvement over previous versions. But it's still fairly trivial to generate Windows malware, going by the sheer volume of infected machines. I personally have one person in my contacts running Win7 whose machine is spamming me daily. Oops. Windows is still the lowest hanging fruit, and as criminals are pretty much always lazy people looking to get rich quick, that's what they go for. When that's gone, they'll move on to other scams (assuming OS X has been locked down, otherwise that's hanging a bit low as it is). They will not learn to be 1337 for reelz and finally code that Linux virus. That's not the criminal MO.
