Multiplatform Java Botnet Spotted In the Wild

Multiplatform Java Botnet Spotted In the Wild 203

Posted by timothy on Thursday May 05, 2011 @08:01PM from the semi-equal-opportunity dept.

It's fun sometimes to be smug because you are ("one is") using an operating system less susceptible to malware, or at least less targeted by malware creators, than is Microsoft Windows. Now, reader Orome1 writes with word of a Java-based, equal-opportunity botnet Trojan, excerpting from Help Net Security's report: "'IncognitoRAT is one example of a Java-based Trojan discovered in the wild that is being downloaded and installed by another component. This malware behaves like other Windows botnets but uses source code and libraries that can operate on other platforms,' explains McAfee's Carlos Castillo." So far, no mention of a Linux version, though.

Multiplatform Java Botnet Spotted In the Wild

This discussion has been archived. No new comments can be posted.

Search 203 Comments Log In/Create an Account

Comments Filter:

Re:um.... (Score:5, Informative)

by guruevi ( 827432 ) writes: <evi@ev c i r c u i t s . com> on Thursday May 05, 2011 @08:20PM (#36043150) Homepage

If you rtfa, the software (trojan) has to be installed somehow. The payload has to get on a computer and be executed.
FTFA: The original propagation vector of IncognitoRAT is a Windows executable, but apparently it was created using the tool JarToExe, which includes, among other features, the ability to convert .jar files into .exe files, to add program icons and version information, and protect and encrypt Java programs...However, we’ve seen only the PC version in a downloader/dropper in the wild.
Yes, I can run a Java-based botnet client (it may be one of the first) but I have to get it to run on a computer without user interaction or demands for passwords or administrative rights - Windows excels in that part of the attack vector.

twitter facebook linkedin
Re:Significance (Score:2, Informative)

by clang_jangle ( 975789 ) writes: on Thursday May 05, 2011 @08:41PM (#36043320) Journal

How imaginative. Why, when this fallacious "reasoning" defeated in every single slashdot story in which it comes up, do people persist in trying to promote this myth? You *can't* unwittingly install and run arbitrary code on Linux the way you can on windows, unless you're incompetent and running as root all the time (which incredibly, I do know of at least one person who does -- but it's rare).

twitter facebook linkedin
Re:um.... (Score:4, Informative)

by LynnwoodRooster ( 966895 ) writes: on Thursday May 05, 2011 @09:53PM (#36043770) Journal

In this case it can theoretically operate on other platforms, but it cannot propogate to them. One could install it intentionally perhaps, but it won't make its way onto the Linux box against the system administrators will.
Thus it's called a Trojan - not a virus. It won't self-replicate and transmit to computers on other OSes as well...

twitter facebook linkedin
Re:um.... (Score:4, Informative)

by TheLink ( 130905 ) writes: on Thursday May 05, 2011 @10:01PM (#36043806) Journal

The Linux "installer" is called Firefox.

Google for firefox exploit linux. Or firefox vulnerability.

As long as attackers can run arbitrary code of their choice they can install botnet software.

Even if it means tricking the user to run it... Which is what botnet operators do all the time to Windows users.

The "linux" fanatics just like to believe Linux is more secure when there are so many exploited Linux servers[1] out there.

Go ahead and blame the administrators and users, but just imagine the sort of users you have "administering" a typical Windows machine.

They are the very users botnet operators target.

If OSX and "Desktop Linux" become very popular, you might get malware written in perl for more cross platform goodness.

[1] There may not be as many exploited Linux desktops, but I suspect there may be more Linux servers than desktops in the world ;).

twitter facebook linkedin
Re:RUN FOR YOU LIVES !! (Score:3, Informative)

by mckorr ( 1274964 ) writes: on Thursday May 05, 2011 @10:16PM (#36043884) Homepage

2.7182 is e, not pi...

twitter facebook linkedin
Re:um.... (Score:3, Informative)

by shutdown -p now ( 807394 ) writes: on Thursday May 05, 2011 @11:01PM (#36044074) Journal

Java is not Java if you use platform specific attack vectors as this botnet does. In this case it can theoretically operate on other platforms, but it cannot propogate to them.
Sure, so you end up having to muck around with bash for something as simple as installing some damn botnet. apt-get install this, /etc/init.d/restart that...
See, that's what I mean when I say that Linux is not ready for the desktop! ~

twitter facebook linkedin
Re:RUN FOR YOU LIVES !! (Score:2, Informative)

by trapnest ( 1608791 ) writes: <janusofzeal@gmail.com> on Friday May 06, 2011 @12:27AM (#36044428)

Whoosh

twitter facebook linkedin

There may be more comments in this discussion. Without JavaScript enabled, you might want to turn on Classic Discussion System in your preferences instead.

Multiplatform Java Botnet Spotted In the Wild 203

Multiplatform Java Botnet Spotted In the Wild More Login

Multiplatform Java Botnet Spotted In the Wild

Re:um.... (Score:5, Informative)

Re:Significance (Score:2, Informative)

Re:um.... (Score:4, Informative)

Re:um.... (Score:4, Informative)

Re:RUN FOR YOU LIVES !! (Score:3, Informative)

Re:um.... (Score:3, Informative)

Re:RUN FOR YOU LIVES !! (Score:2, Informative)

Related Links Top of the: day, week, month.

Slashdot Top Deals

Slashdot