Forgot your password?
typodupeerror
Botnet Java Security IT

Multiplatform Java Botnet Spotted In the Wild 203

Posted by timothy
from the semi-equal-opportunity dept.
It's fun sometimes to be smug because you are ("one is") using an operating system less susceptible to malware, or at least less targeted by malware creators, than is Microsoft Windows. Now, reader Orome1 writes with word of a Java-based, equal-opportunity botnet Trojan, excerpting from Help Net Security's report: "'IncognitoRAT is one example of a Java-based Trojan discovered in the wild that is being downloaded and installed by another component. This malware behaves like other Windows botnets but uses source code and libraries that can operate on other platforms,' explains McAfee's Carlos Castillo." So far, no mention of a Linux version, though.
This discussion has been archived. No new comments can be posted.

Multiplatform Java Botnet Spotted In the Wild

Comments Filter:
  • by mrnobo1024 (464702) on Thursday May 05, 2011 @09:16PM (#36043584)

    None that you know about. You can hide a lot in a closed-source binary.

    The only "security" iOS has is that you have to shell out $100/year to be a developer. Gives great protection against hobbyist programmers, does absolutely nothing against the Russian mafia.

  • by Cougar Town (1669754) on Thursday May 05, 2011 @09:26PM (#36043646)

    You don't enable or disable Java. If it's installed on your system, it's available to use. You can, however, enable or disable the Java applet plugin for your web browsers, which is probably what you're talking about and isn't necessarily what this is about (TFA didn't mention applets or browsers). Java applications (not applets) can run on your system as long as you have Java installed, regardless of whether you have the browser plugins enabled or not, just like how you can open a PDF if Adobe Reader is installed, regardless of whether you have the Adobe Reader browser plugin enabled or not. So in theory, if they found an attack vector for your OS, having the Java plugin disabled wouldn't stop this from running on your system at all.

    Getting it onto your system is the trick, though. If they found a hole in the Java plugin's sandbox, they could potentially exploit that using an applet and get the code onto your system. Disabling the plugin prevents that possibility, but if they were trying to push this via browsers there are lots of other plugins and holes are found in browsers all the time.

    That being said, I don't bother with the Java plugin either, because applets are crap and I have no use for them and agree with you about sites requiring them (and I'm a full-time Java developer)

  • Re:um.... (Score:3, Interesting)

    by Snarky McButtface (1542357) on Thursday May 05, 2011 @09:55PM (#36043784)
    I am a linux user but the wife prefers Windows. On her Windows box I have installed Secunia PSI [secunia.com] which automatically updates most of the third party software on the system. If it does not update something, it informs her so she can do it manually.

Testing can show the presense of bugs, but not their absence. -- Dijkstra

Working...