Overclock.net › Forums › Industry News › Software News › [ZDNet] Cross-platform Trojan checks your OS: Attacks Windows, Mac, Linux
[ZDNet] Cross-platform Trojan checks your OS: Attacks Windows, Mac, Linux - Page 2

post #11 of 29
Thread Starter 
Quote:
Originally Posted by _02 View Post

I'm still missing something. It can't be possible that someone is JUST NOW writing code to check on the OS. Not to clog the thread up, but why was this not possible in the past? I only see if...else statements that point to platform specific malware. That seems incredibly trivial to me.

Nah you're not clogging up anything.

Not that it wasn't possible in the past, but that no one was doing it. Only now this malware shows up and this article is more a warning to expect more of the same. It's really interesting that now coders are attempting to affect all systems rather than a specific target OS. Indiscriminate attacking is the issue here that makes this so special. Those hiding behind "I'm on linux" or "I'm on a Mac" with minor to no precautions are going to be grossly affected in the future if this does in fact become a trend. Especially with "copycats" trying to catch a slice of the pie.

Or... this could all blow over and it never happens again.
post #12 of 29
Spoof Windows running Chrome to OS X running Safari.

lol at the poor little confused virus.
post #13 of 29
Not trying to bash the article or the OP or anything, but this is old. It has been done before in the past.

And not only that, but this is a horrible implementation of it too. This virus requires the user to have Java installed and requires the user to hit accept on the security dialogue from Java, which may steer away too many potential victims. In addition, it must be run under a virtual machine, i.e. Java.

A better implementation without any dependencies (or without requiring users to ignore security dialogues) is to build 3 versions of the virus aimed at each OS. For example: take a look at the Russian virus NetWire. On the hacker's website (disguised as genuine software), the hacker would advertise his software as cross-platform. So the user downloads a version of the software suitable for their OS and is then infected.
Quote:
NetWire’s Workstation compiled in Delphi runs on Windows platforms only (can be run on WINE though and various other Windows emulators).

The Host compiled in C, on the other hand, runs on Windows, Linux and Solaris (and Variants) as a Native application, without requiring any Framework (such as .NET), Virtual Machine (such as Java Virtual Machine) or any Extra Dynamic Link Libraries.

Edited by tahayassen - 7/12/12 at 7:45am
post #14 of 29
Thread Starter 
Quote:
Originally Posted by tahayassen View Post

Not trying to bash the article or the OP or anything, but this is old. It has been done before in the past.
And not only that, but this is a horrible implementation of it too. This virus requires the user to have Java installed and requires the user to hit accept on the security dialogue from Java, which may steer away too many potential victims. In addition, it must be run under a virtual machine, i.e. Java.
A better implementation without any dependencies (or without requiring users to ignore security dialogues) is to build 3 versions of the virus aimed at each OS. For example: take a look at the Russian virus NetWire. On the hacker's website (disguised as genuine software), the hacker would advertise his software as cross-platform. So the user downloads a version of the software suitable for their OS and is then infected.
Quote:
NetWire’s Workstation compiled in Delphi runs on Windows platforms only (can be run on WINE though and various other Windows emulators).
The Host compiled in C, on the other hand, runs on Windows, Linux and Solaris (and Variants) as a Native application, without requiring any Framework (such as .NET), Virtual Machine (such as Java Virtual Machine) or any Extra Dynamic Link Libraries.

Actually it would still work well despite the security warning. The only real issue here is if they were spoofing a legitimately signed source. If so, people would happily click away under the guise of it being a legitimate application.

Now I do not know about older cross-platform downloader trojans, so if anyone could correct me I'd really appreciate it. As far as I know, this is one of the only recent dler trojans to be cross-platform.
post #15 of 29
Java has been a virus itself since its inception. No news here.
post #16 of 29
Quote:
Originally Posted by MediaRocker View Post

requires Rosetta d.

Guess it doesn't work on 90% of Apple machines then. Lion and above don't have Rosetta.
post #17 of 29
OMG this is a game changer!!
post #18 of 29
So is this a virus that was somehow designed to work for 3 separate OSes, or does it download one of 3 viruses depending on your OS?

If it's the former, then this is bad; if it's the latter, someone bothered making 3 viruses. Sucks for Linux users though.
post #19 of 29
Quote:
Originally Posted by Shimme View Post

Sucks for Java linux users though.

Since most stuff on Linux is open source it isn't hard, and doesn't take long, to patch these security holes by individuals, full distros and the whole community. It will likely only affect those using Ubuntu or another ~6 month release cycle, but I doubt the hole will stay long in any rolling release / bleeding edge distro which always has the latest and greatest.

That said, there are not many programs on Linux that absolutely require Java, nor are there many websites that require it. Even programs that have it as a dependency don't need it for /most/ of their functionality. So it's easily uninstalled and the threat removed.

Also, you have to remember that as is, Linux is geared more towards people who know what they're doing. And no user who knows what they're doing is going to accept installing anything that they don't know what it is, or that doesn't come from their distro's repository. Which is key here: this trojan makes a popup asking you to install the Java applet, and this on Linux is a big no-no. Most users know better than to install stuff that isn't in their distro's repo, or in another trusted repo.
post #20 of 29
Quote:
Originally Posted by MediaRocker View Post

Actually it would still work well despite the security warning. The only real issue here is if they were spoofing a legitimately signed source. If so, people would happily click away under the guise of it being a legitimate application.
Now I do not know about older cross-platform downloader trojans, so if anyone could correct me I'd really appreciate it. As far as I know, this is one of the only recent dler trojans to be cross-platform.

How would it still work if the user declines the security warning and refuses to run the drive-by?