New Java malware attacks Apple's OS X along with Windows, Linux

post #1 of 68
Thread Starter 
A new form of browser-based cross-platform malware can give hackers remote access to computers running Apple's OS X, Microsoft's Windows, and even Linux.

The multi-platform backdoor malware was disclosed this week by security firm F-Secure. It was originally discovered on a Colombian Transport website, and relies on social engineering to trick users into running a Java Archive file, meaning it is not likely to be a major threat.

However, its cross-platform design is unique. If users grant permission to the Java Archive, the malware will secretly determine whether the user is running a Mac, a Windows PC, or a Linux machine. When running on a Mac, the malware will remotely connect to an IP address through port 8080 to obtain additional code to execute.

Anti-virus maker Sophos said on Wednesday that the new malware has the potential to affect a higher number of people because of its multi-platform strategy. Typically, malware and viruses target Windows PCs, as they represent the overwhelming majority of computers.

"Once it has found out which operating system you are running, the Java class file will download the appropriate flavor of malware, with the intention of opening a backdoor that will give hackers remote access to your computer," explained Graham Cluley, senior technology consultant with Sophos.

On a Mac, the new malware is detected as "Backdoor:OSX/GetShell.A." According to F-Secure, it is a PowerPC binary, which means users running a modern, Intel-based Mac must also have Rosetta installed for it to execute.

While rare, cross-platform malware attacks are not unheard of. In 2010, a Java-based trojan known as "trojan.osx.boonana.a" affected both Macs running OS X and Windows PCs.

As Apple's Mac platform has grown in popularity and outpaced the PC market as a whole, the OS X platform has become a bigger target for hackers. Last month, Apple opted to tone down promotional language on its website that once claimed the Mac "doesn't get PC viruses." Apple's website now says that OS X is "built to be safe."

That change was made just a few months after more than 600,000 Macs were estimated to have been infected by a trojan horse named "Flashback." More than half of the Macs believed to be infected by the botnet were found in the U.S. alone before Apple aggressively released a series of software updates to quash the malware.
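The article describes the dropper's behaviour at a high level: a Java Archive that, once the user lets it run, checks which operating system it is on, then fetches and executes a platform-specific second stage (on a Mac, from an IP address over port 8080). The traits that behaviour needs are visible in the archive before anything runs, as strings and class references in each class file's constant pool. The following is an added example written for this thread, not code from F-Secure, Sophos or AppleInsider, and it makes no claim about what the real archive contains: it parses only the constant pool of every .class inside a JAR and scores the presence of an os.name probe, per-OS branch strings, Runtime.exec, a java.net socket or URL class, a bare IP:port literal, and a file write. The indicator list, the weights, the class names and the sample archive it builds are all this example's own constructions.

```python
"""Static triage of a Java archive for cross-platform dropper traits.

Added example for this thread; it is not code from F-Secure, Sophos or
AppleInsider and makes no claim about the real GetShell.A archive. It
reads only the constant pool of each .class file in a JAR and flags the
strings and class references a dropper of the kind described would need:
an os.name probe, per-OS branch strings, Runtime.exec, a socket or URL
to a bare IP:port, and a file write. The indicator list, the weights
and the sample JAR below are this example's own constructions.
"""
import io
import re
import struct
import zipfile

# Constant-pool tag -> payload size in bytes for every fixed-size tag.
# CONSTANT_Utf8 (tag 1) is variable-length and handled separately.
_FIXED = {3: 4, 4: 4, 5: 8, 6: 8, 7: 2, 8: 2, 9: 4, 10: 4, 11: 4,
          12: 4, 15: 3, 16: 2, 17: 4, 18: 4, 19: 2, 20: 2}


def utf8_constants(class_bytes):
    """Return every CONSTANT_Utf8 string in one .class file's constant pool."""
    if class_bytes[:4] != b"\xca\xfe\xba\xbe":
        return []
    count = struct.unpack(">H", class_bytes[8:10])[0]
    pos, idx, out = 10, 1, []
    while idx < count:
        tag = class_bytes[pos]
        pos += 1
        if tag == 1:
            length = struct.unpack(">H", class_bytes[pos:pos + 2])[0]
            out.append(class_bytes[pos + 2:pos + 2 + length].decode("utf-8", "replace"))
            pos += 2 + length
        elif tag in _FIXED:
            pos += _FIXED[tag]
        else:
            raise ValueError(f"unknown constant-pool tag {tag} at offset {pos - 1}")
        idx += 2 if tag in (5, 6) else 1   # Long and Double take two slots
    return out


# label -> (pattern over Utf8 constants, weight). Weights are this example's choice.
INDICATORS = {
    "os_probe":   (re.compile(r"^os\.name$"), 2),
    "os_branch":  (re.compile(r"(?i)\b(mac|windows|linux)\b"), 1),
    "exec":       (re.compile(r"^(java/lang/Runtime|java/lang/ProcessBuilder|exec)$"), 2),
    "network":    (re.compile(r"^java/net/(Socket|URL|URLConnection|HttpURLConnection)$"), 1),
    "ip_port":    (re.compile(r"\b\d{1,3}(\.\d{1,3}){3}(:\d{2,5})?\b"), 2),
    "file_write": (re.compile(r"^(java/io/FileOutputStream|setExecutable)$"), 1),
}


def triage_jar(jar_bytes):
    """Score a JAR. Returns (score, {label: [matching constants]}); score 0 means nothing seen."""
    hits = {}
    with zipfile.ZipFile(io.BytesIO(jar_bytes)) as zf:
        for name in zf.namelist():
            if not name.endswith(".class"):
                continue
            for const in utf8_constants(zf.read(name)):
                for label, (rx, _weight) in INDICATORS.items():
                    if rx.search(const):
                        hits.setdefault(label, []).append(const)
    score = sum(INDICATORS[label][1] for label in hits)
    return score, hits


# ---- constructed sample input (not a real archive) ---------------------

def _fake_class(strings):
    """Build a minimal .class file whose constant pool holds `strings`,
    plus one Long and one Class entry so the two-slot rule is exercised.
    Only the header and constant pool are meaningful; the tail is zero padding."""
    pool, entries = b"", 0
    for s in strings:
        raw = s.encode("utf-8")
        pool += struct.pack(">BH", 1, len(raw)) + raw
        entries += 1
    pool += struct.pack(">BQ", 5, 0)      # CONSTANT_Long, occupies two slots
    entries += 2
    pool += struct.pack(">BH", 7, 1)      # CONSTANT_Class -> first Utf8 entry
    entries += 1
    header = b"\xca\xfe\xba\xbe" + struct.pack(">HHH", 0, 50, entries + 1)
    return header + pool + b"\x00" * 8


# Hypothetical contents; 203.0.113.10 is a documentation address (TEST-NET-3).
DROPPER_STRINGS = ["os.name", "Mac OS X", "Windows", "Linux", "java/lang/Runtime", "exec",
                   "java/net/URL", "http://203.0.113.10:8080/stage2",
                   "java/io/FileOutputStream", "setExecutable"]
BENIGN_STRINGS = ["java/lang/Object", "toString", "java/util/ArrayList", "hello"]


def build_sample_jar(with_dropper=True):
    """Assemble an in-memory JAR from the constructed classes above."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("META-INF/MANIFEST.MF", "Manifest-Version: 1.0\n")
        zf.writestr("Hello.class", _fake_class(BENIGN_STRINGS))
        if with_dropper:
            zf.writestr("Loader.class", _fake_class(DROPPER_STRINGS))
    return buf.getvalue()


if __name__ == "__main__":
    score, hits = triage_jar(build_sample_jar())
    print(f"score={score}")
    for label, consts in sorted(hits.items()):
        print(f"  {label:<10} {consts}")
```

A score like this is a triage aid, not a verdict: a legitimate updater also probes os.name and fetches from a URL, so the point is to pull a JAR that hits several categories at once out of the pile for manual inspection, and a dropper that builds its strings at runtime or obfuscates them will not show up here at all.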
post #2 of 68
First Flash, now Java… what else is total crap that we can get rid of?

OS X shouldn't have to suffer this nonsense.

Originally Posted by Slurpy

There's just a TINY chance that Apple will also be able to figure out payments. Oh wait, they did already… …and you’re already fucked.

 

post #3 of 68
I'm surprised the 'Continue' button is shown as the default on the Mac dialog. The default is usually the safest option in my experience.
Been using Apple since Apple ][ - Long on AAPL so biased
nMac Pro 6 Core, MacBookPro i7, MacBookPro i5, iPhones 5 and 5s, iPad Air, 2013 Mac mini, SE30, IIFx, Towers; G4 & G3.
post #4 of 68

Never accept self-trusted certs, or certs with issues of any kind, like having untrusted root CAs. Even if you trust the hosting website, which can be hacked.

"Apple should pull the plug on the iPhone."

John C. Dvorak, 2007
post #5 of 68
Quote:
Originally Posted by Tallest Skil View Post

First Flash, now Java… what else is total crap that we can get rid of?
OS X shouldn't have to suffer this nonsense.

 

Yep, unless you are in business, you shouldn't even have Java installed, or turned on.  The average user doesn't need it for squat.  

post #6 of 68
Quote:
Originally Posted by Suddenly Newton View Post

Never accept self-trusted certs, or certs with issues of any kind, like having untrusted root CAs. Even if you trust the hosting website, which can be hacked.

 

Except every University or large corporation I've ever visited or worked for has self-trusted and sometimes unsigned certificates from time to time.  The reality is that you just have to trust sometimes.  

 

I think the real problem here is Java.  

post #7 of 68

These social engineering tricks and malware scams are targeting dumb people, because that's what somebody has to be, in order to get tricked by this.

 

ComuTV? And it says right there in very red letters, "This root certificate is not to be trusted". If somebody clicks "continue", then they only have themselves to blame.

post #8 of 68
Quote:
Originally Posted by digitalclips View Post

I'm surprised the 'Continue' button is shown as the default on the Mac dialog. The default is usually the safest option in my experience.

It should be, but is often neglected. I would suggest submitting a bug report to Apple if you observe that in real life.

Meanwhile, it's a common failing. For example, on this site, when you log in, the 'remember ID and password' is checked by default and shouldn't be.
"I'm way over my head when it comes to technical issues like this"
Gatorguy 5/31/13
post #9 of 68

Since it is PowerPC code for Macs, it shouldn't affect anyone running Lion (since Rosetta was removed) and only people who opted to install Rosetta on Snow Leopard.

post #10 of 68
So let me get this straight. In order for a Mac to get infected you A) must have Java installed AND active and B) you must have Rosetta installed and C) you have to fall for the malware social engineering ploy.

I'm running Lion with Java installed but not turned on. Since the latest Java update turns Java off by default and will turn it off if inactive after a period of time I wonder how many Macs will be vulnerable.
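Post #10 lists the host-side preconditions (Java present and enabled, Rosetta, and a user who clicks through). On the network side the one observable the article gives is that the Mac stage reaches out to an IP address on port 8080 for more code, and a Java dropper doing that fetch with the JRE's own URL classes announces itself with the JRE's default User-Agent of "Java/<version>" (that default is the one real-world assumption here). The following is an added example written for this thread, not code from F-Secure, Sophos or AppleInsider: a small hunt over proxy-style log lines that flags a JRE client fetching from a bare IP address on an unusual port. The log format, the port list, the client addresses and the sample lines are all constructed for the example.

```python
"""Hunt, over proxy-style log lines, for a JRE client pulling a second
stage from a bare IP address on an unusual port.

Added example for this thread; it is not code from F-Secure, Sophos or
AppleInsider. The log format (a simplified, squid-like line) and the
sample lines are constructed. The one real-world assumption is that an
unmodified JRE identifies itself as "Java/<version>" in User-Agent when
it fetches a URL, which is the JRE's default.
"""
import ipaddress
import re
from urllib.parse import urlsplit

# Constructed line layout:  ts client method url status "user-agent"
LINE_RX = re.compile(
    r'^(?P<ts>\S+) (?P<client>\S+) (?P<method>[A-Z]+) (?P<url>\S+) '
    r'(?P<status>\d{3}) "(?P<ua>[^"]*)"$'
)

# Ports on which a fetch from a bare IP by a JRE stands out; 8080 is the
# one the write-up names, the rest are common alternates (this example's pick).
SUSPECT_PORTS = {8080, 8000, 8888, 1337}


def parse_line(line):
    """Split one log line into fields, or return None if it does not match."""
    m = LINE_RX.match(line.strip())
    return m.groupdict() if m else None


def is_bare_ip(host):
    """True when the host part of the URL is a literal IPv4/IPv6 address, not a name."""
    try:
        ipaddress.ip_address(host)
        return True
    except ValueError:
        return False


def classify(rec):
    """Return a reason if the record looks like a JRE second-stage fetch, else None."""
    if not rec["ua"].startswith("Java/"):
        return None
    parts = urlsplit(rec["url"])
    port = parts.port or (443 if parts.scheme == "https" else 80)
    if parts.hostname and is_bare_ip(parts.hostname) and port in SUSPECT_PORTS:
        return f"{rec['ua']} fetched {parts.path} from bare IP {parts.hostname}:{port}"
    return None


def hunt(lines):
    """Return (ts, client, reason) for every line that trips the rule."""
    alerts = []
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            continue
        reason = classify(rec)
        if reason:
            alerts.append((rec["ts"], rec["client"], reason))
    return alerts


# Constructed sample log; 203.0.113.10 is a documentation address (TEST-NET-3).
SAMPLE_LOG = [
    '2012-07-10T14:02:11Z 10.0.0.21 GET http://203.0.113.10:8080/mac/stage2 200 "Java/1.6.0_31"',
    '2012-07-10T14:02:12Z 10.0.0.22 GET http://203.0.113.10:8080/win/stage2 200 "Java/1.7.0_05"',
    '2012-07-10T14:02:13Z 10.0.0.23 GET http://www.example.com/index.html 200 "Mozilla/5.0 (Macintosh)"',
    # JRE client on port 8080, but a hostname rather than a bare IP: not flagged by this rule
    '2012-07-10T14:02:14Z 10.0.0.24 GET http://updates.example.com:8080/feed.xml 200 "Java/1.6.0_31"',
    # bare IP, but a browser on port 80: not flagged
    '2012-07-10T14:02:15Z 10.0.0.25 GET http://203.0.113.10/ 200 "Mozilla/5.0 (Macintosh)"',
    'this line is malformed and is skipped',
]


if __name__ == "__main__":
    for ts, client, reason in hunt(SAMPLE_LOG):
        print(ts, client, reason)
```

The rule deliberately stays narrow (JRE client, literal IP, odd port) so that enterprise Java applications talking to named hosts do not drown it; the price is that a dropper using a DNS name, a standard port, or a spoofed User-Agent walks past it, so it belongs alongside the host-side checks rather than in place of them.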
post #11 of 68
Quote:
Originally Posted by Apple ][ View Post

These social engineering tricks and malware scams are targeting dumb people, because that's what somebody has to be, in order to get tricked by this.

ComuTV? And it says right there in very red letters, "This root certificate is not to be trusted". If somebody clicks "continue", then they only have themselves to blame.

If there were no "dumb" people in the world we wouldn't need a GUI would we. The whole idea of personal computing is to make the technology useable by all. The "smart" people in some ways are responsible for keeping the "dumb" people safe in spite of themselves.
post #12 of 68
Quote:
Originally Posted by Suddenly Newton View Post

Never accept self-trusted certs, or certs with issues of any kind, like having untrusted root CAs. Even if you trust the hosting website, which can be hacked.

That doesn't even help you. There are plenty of less reputable CA's that might sign a certificate for something that isn't above-board. Hopefully bank0famerica.com wouldn't get through any more, or other similar typo-squats, but have you ever looked at the list of default root CAs installed on your machine? It is a trust chain, and if you don't trust the people at the top.

Then there is the problem of appliances with self-signed certs, like routers and VOIP phones. What if someone placed malware on them-- to administer you need to trust the cert.

About all you can do is compartmentalize risk. That is getting harder and harder to do when companies track not only cookies and IP addresses but linked behavior with other sites. I can't find a practical solution for that yet other than using an untrusted account on a non-critical server with a different user and password database than the critical servers for VNC/ssh access.
post #13 of 68
Quote:
Originally Posted by Tallest Skil View Post

First Flash, now Java… what else is total crap that we can get rid of?
OS X shouldn't have to suffer this nonsense.

 

To be fair, this is not exploiting a security weakness in Java. It's exploiting a weakness in users. If you're dumb enough to download a random file from the internet, and run it despite security warnings, then it doesn't matter what language it's written in.

post #14 of 68
Quote:
Originally Posted by lkrupp View Post


If there were no "dumb" people in the world we wouldn't need a GUI would we. The whole idea of personal computing is to make the technology useable by all. The "smart" people in some ways are responsible for keeping the "dumb" people safe in spite of themselves.

Sure, I don't disagree, but there are limits as to how much technology can protect a person. At the end of the day, each person has to be responsible for what they do.

 

If a person is likely to get scammed through the telephone or by a door salesman or by an email from Nigeria, then they are a likely candidate to also get scammed by this malware.

post #15 of 68
Quote:
Originally Posted by Suddenly Newton View Post

Never accept self-trusted certs, or certs with issues of any kind, like having untrusted root CAs. Even if you trust the hosting website, which can be hacked.

That's exactly right, no offense but if you fall victim to this ploy it isn't like there weren't signs something was up.  Does "not trusted" mean anything to anyone?  

 

Considering Java also isn't installed by default on new Macs this is really a non-issue.  Linux is actually more at risk than OS X here since java is installed by default on most Linux distros.

 

10.8 will bring welcome features for personal & corporate alike since it will let you restrict not only to the app store but also to external developers so long as they have a valid developer cert from Apple.

post #16 of 68
Quote:
Originally Posted by lkrupp View Post

If there were no "dumb" people in the world we wouldn't need a GUI would we. The whole idea of personal computing is to make the technology useable by all. The "smart" people in some ways are responsible for keeping the "dumb" people safe in spite of themselves.

Really. I don't care how smart you are, it's just simply less productive to try working in a command line world. Please don't make stuff up. Thank you.

Which of us is the fisherman and which the trout?

post #17 of 68
Quote:
Originally Posted by Rennaisance View Post

 

To be fair, this is not exploiting a security weakness in Java. It's exploiting a weakness in users. If you're dumb enough to download a random file from the internet, and run it despite security warnings, then it doesn't matter what language it's written in.

 

There's a tendency to assume an attitude of arrogance in fields where one has a degree of expertise. This isn't about being dumb, it's about exploiting lack of knowledge and bad habits instilled by daily work with computers. People get conditioned into clicking OK or Continue (especially on Windows) just to be able to get work done. After a while all those permissions dialogs just become noise that most people don't even read, mainly because even when they do, they don't understand what the dialogs are saying. (This is the fundamental flaw in, say, Android's permissions system. I'll bet most Android users have no idea what they are granting apps access to, all they know is that they have to allow stuff if they want it to run.)

 

I think this points out the advantages of iOS and the direction Apple is going with sandboxing on OS X. The operating system does need to protect users from these sorts of exploits.

post #18 of 68
Quote:
Originally Posted by hezetation View Post

Considering Java also isn't installed by default on new Macs this is really a non-issue.  Linux is actually more at risk than OS X here since java is installed by default on most Linux distros.

 

10.8 will bring welcome features for personal & corporate alike since it will let you restrict not only to the app store but also to external developers so long as they have a valid developer cert from Apple.

There are still a LOT of people on Snow Leopard (with Rosetta installed), and will be for some time. The direction Lion and ML have gone has stopped many people from upgrading, at least for now.

post #19 of 68
++++++++

Exactly! This could just as well be a nicely compiled Mac binary file.

As a side note people seem to want to resist some of Mountain Lions new security features but yet we see here clear reasons for Apple to tighten up on security. As incentives increase for people to exploit weaknesses in the OS we will see more security issues. We can all be thankful that this one requires the user to make a few mistakes to execute.
Quote:
Originally Posted by Rennaisance View Post

To be fair, this is not exploiting a security weakness in Java. It's exploiting a weakness in users. If you're dumb enough to download a random file from the internet, and run it despite security warnings, then it doesn't matter what language it's written in.
post #20 of 68

Deleted by self.

 

And no that's not an object oriented post.  Sheesh!


Edited by PXT - 7/11/12 at 8:43am

Many of the most important software concepts were invented in the 70s and forgotten in the 80s.

post #21 of 68
Quote:
Originally Posted by Apple ][ View Post

These social engineering tricks and malware scams are targeting dumb people, because that's what somebody has to be, in order to get tricked by this.

 

ComuTV? And it says right there in very red letters, "This root certificate is not to be trusted". If somebody clicks "continue", then they only have themselves to blame.

You don't have to be dumb.

 

You just have to be someone that doesn't work in tech and doesn't spend their spare time on sites like AppleInsider.

 

Statistically, that's everyone.

Many of the most important software concepts were invented in the 70s and forgotten in the 80s.

post #22 of 68
Just what is this direction that has people so upset with Lion and Mountain Lion that they won't upgrade? Seriously I've yet to hear a sound explanation for this resistance. Considering the security related nature of this thread people should be looking kindly upon Mountain Lion as it tightens things up considerably.
Quote:
Originally Posted by elroth View Post

There are still a LOT of people on Snow Leopard (with Rosetta installed), and will be for some time. The direction Lion and ML have gone has stopped many people from upgrading, at least for now.
post #23 of 68
Quote:
Originally Posted by PXT View Post

Deleted by self.

And no that's not an object oriented post!  Sheesh!

You want to click Quote. Reply does absolutely nothing.

Originally Posted by Slurpy

There's just a TINY chance that Apple will also be able to figure out payments. Oh wait, they did already… …and you’re already fucked.

 

post #24 of 68

It would be interesting to see some statistics at some time point that would show how many macs, pcs and linux boxes were affected, percentage wise.

post #25 of 68
Quote:
Originally Posted by PXT View Post

You don't have to be dumb.

 

You just have to be someone that doesn't work in tech and doesn't spend their spare time on sites like AppleInsider.

 

Statistically, that's everyone.

 

I don't think that somebody has to work in tech or be a computer expert to have common sense. Everybody should know that there are a ton of criminals lurking on the internet and they are looking to steal your money. There's no excuse for even the most computer illiterate person to not know that. I don't really see this scam as much different than getting scammed using more traditional methods, such as a scammer calling somebody on the telephone.

post #26 of 68

According to the article, Lion isn't affected. It's a PowerPC binary, and Apple dropped Rosetta support in Lion. So unless someone has gone to the extraordinary effort to get Rosetta running under Lion, there appears to be no impact.

post #27 of 68

When I'm dictator, I'm going to remove the letter J from the alphabet. Any technology that includes the letter J will be banned.

Many of the most important software concepts were invented in the 70s and forgotten in the 80s.

post #28 of 68
Quote:
Originally Posted by PXT View Post

When I'm dictator, I'm going to remove the letter J from the alphabet. Any technology that includes the letter J will be banned.

So long, Objective-C.

Originally Posted by Slurpy

There's just a TINY chance that Apple will also be able to figure out payments. Oh wait, they did already… …and you’re already fucked.

 

post #29 of 68
Quote:
Originally Posted by AppleInsider View Post

On a Mac, the new malware is defined as "Backdoor:OSX/GetShell.A. According to F-Secure, it is a PowerPC binary, which means users running a modern, Intel-based Mac must also have Rosetta installed.
So it's a power PC binary, so it won't run on Lion or Mountain Lion. Got it.
post #30 of 68
Quote:
Originally Posted by Apple ][ View Post

These social engineering tricks and malware scams are targeting dumb people, because that's what somebody has to be, in order to get tricked by this.

 

ComuTV? And it says right there in very red letters, "This root certificate is not to be trusted". If somebody clicks "continue", then they only have themselves to blame.

This is more serious than the issue of dumb people. Java executions should be sandboxed. It sounds like, at least for some versions of Java, users are able to install and execute native libraries that Java code will access using JNDI to get unlimited access to the machine. 

 

However, are PowerPC and Rosetta still important? I haven't missed Rosetta since it was pulled from the OS and I haven't missed the programs that utilized it.

post #31 of 68
Quote:
Originally Posted by Povilas View Post


Really. I don't care how smart you are, it's just simply less productive to try working in a command line world. Please don't make stuff up. Thank you.

Maybe you shouldn't make stuff up, either.  The command line and the gui both have their place, and there are things one can do on the command line far faster and more easily than in a gui--and vice versa.

post #32 of 68
Quote:
Originally Posted by Gazoobee View Post

 

Yep, unless you are in business, you shouldn't even have Java installed, or turned on.  The average user doesn't need it for squat.  

While that is an admirable position to take it doesn't seem practical.  My Etrade streaming quotes app is Java, Vimeo uses Java, Ebay uses Java, many Wordpress themes use Java.  I can only assume there are many thousands of other ways Java is still used.  It may be some time before most can take your advice.

post #33 of 68
Quote:
Originally Posted by Tallest Skil View Post

First Flash, now Java… what else is total crap that we can get rid of?
OS X shouldn't have to suffer this nonsense.

 

How did i know some ignorant person would be the first person to jump in and troll flame java on this. Yes, please apple, strip us of all the things that make OS X worth using! Next, please remove Apache, PHP, and Ruby! Afterwards, find a way to yank our access to the terminal! Maybe next, yank our ability to write apps using anything but apple tech, because that will certainly make the Mac a worthwhile platform... surely.

 

BILE! 

Groupthink is bad, mkay. Think Different is the motto.
post #34 of 68
Quote:
Originally Posted by WelshDog View Post

While that is an admirable position to take it doesn't seem practical.  My Etrade streaming quotes app is Java, Vimeo uses Java, Ebay uses Java, many Wordpress themes use Java.  I can only assume there are many thousands of other ways Java is still used.  It may be some time before most can take your advice.

 

Everything uses Java. People don't respect Java because the apps they use that run on it don't have big JavaTM logos all over them. Apple made a good move to put the onus on Oracle to push the Java updates to the Mac and bring feature parity to that of Linux and Windows for their dev platform, but talking about banishing Java or Flash or any other programming language just shows how ill-informed people are. I'd fully expect these were the same people blindly riding the Sony or Windows bandwagons years ago, championing a cause not worth its weight in dog hair. 

Groupthink is bad, mkay. Think Different is the motto.
post #35 of 68
Quote:
Originally Posted by elroth View Post

There are still a LOT of people on Snow Leopard (with Rosetta installed), and will be for some time. The direction Lion and ML have gone has stopped many people from upgrading, at least for now.

Actually according to Omni Software Update Statistics, the percentage of PowerPC users was less than 3% as of 2009, and how many people are still using Rosetta on Snow Leopard? Just because people might be unable to upgrade to Lion doesn't mean they're needing to use Rosetta to run 6+ year old PowerPC apps. If one must though, maybe consider disabling Java or don't bypass the warnings and install unknown java content.
post #36 of 68
Quote:
Originally Posted by AppleInsider View Post

On a Mac [...] users running a modern, Intel-based Mac must also have Rosetta installed.

 

That's a relief.  I'd guess that about 99% of the Intel-based Macs out there do not have Rosetta installed.

 

IIRC, Java was deprecated as of OS X 10.6 and the JRE wasn't even bundled in 10.7 and 10.8.

Not sure though.  I don't keep up on legacy programming languages like Java, FORTRAN, etc.

Sent from my iPhone Simulator

post #37 of 68

I think it’s clever that even IF you turn on Java on a Mac, if you don’t use it for a long enough while, it gets turned back off.

 

As far as I know, though, that applies specifically to applets, not Safari? Safari Java should disable after non-use as well, if it doesn’t already.

 

(Once every other year someone wants to do a Cisco WebEx conference with me. Java. Ugh! The only time I ever enable it.)

post #38 of 68
Quote:
Originally Posted by WelshDog View Post

While that is an admirable position to take it doesn't seem practical.  My Etrade streaming quotes app is Java, Vimeo uses Java, Ebay uses Java, many Wordpress themes use Java.  I can only assume there are many thousands of other ways Java is still used.  It may be some time before most can take your advice.

 

Yeah, well it's the same argument as Flash two years ago though.  Not one of the places you mention actually *needs* to use Java to do the things the particular site does.  These sites use Java because it's easier and they are lazy or stuck in the past or have a developer that thinks Java is the bees knees etc.  

 

Just like the situation with Flash, they won't stop using Java on these sites, until enough people disable Java and thus complain.  

post #39 of 68
Quote:
Originally Posted by anonymouse View Post

 

There's a tendency to assume an attitude of arrogance in fields where one has a degree of expertise. This isn't about being dumb, it's about exploiting lack of knowledge and bad habits instilled by daily work with computers. 

 

Yes, I certainly agree with you here. OS's can and should be improved to prevent this from happening, just like Apple is doing with Gatekeeper in Mountain Lion.

 

My point was that it's a bit unfair to frame this as a Java problem as it's not exploiting an actual weakness or security flaw in Java. This could just as easily be a rogue native app.

post #40 of 68

Without Java there would be no iTunes, no iCloud, no Apple Store... people that think that Java is obsolete are ignorant.
