Linux Vulnerability Found in Web Exploit

By Jon Gold, 12-Jul-2012

According to the researchers, the backdoor may have been created with a freely available penetration testing suite known as the Social-Engineer Toolkit.

A hacked Colombian Transport website has been rigged to deliver a malware payload that is able to target Mac OS, Windows and even Linux systems, according to a report from F-Secure.

Users will see a certificate warning, telling them that the website is attempting to run a signed applet with an invalid signature. If that warning is bypassed, F-Secure says, the malware checks the victim's computer, and downloads different malicious files based on what operating system it detects.

Regardless of what OS is present, however, the malware's subsequent behavior is the same -- it downloads additional files from a remote server and creates a backdoor on an infected machine. Interestingly, the Mac OS version is a PowerPC binary, which means that Intel-based Macs are immune in most cases.

The malware, which F-Secure has dubbed GetShell.A, is unusual in a couple of ways. First, attacks against Linux are relatively rare in and of themselves. While some experts say that this is due largely to the operating system's comparatively small user base -- at least in terms of desktop users -- others argue that Linux is intrinsically more difficult to compromise than Mac OS and Windows. What's more, malware that targets multiple platforms at once is uncommon, though it does happen.

Nevertheless, CNET blogger Topher Kessler wrote that it's far from the most dangerous malware on the Web. He says that it's likely that the backdoor is the brainchild of less technically gifted hackers, and noted that the aforementioned PowerPC oversight would dramatically limit the malware's effectiveness against Macs.


Source: Networkworld (US)
