Users will see a certificate warning, telling them that the website is attempting to run a signed applet with an invalid signature. If that warning is bypassed, F-Secure says, the malware checks the victim's computer, and downloads different malicious files based on what operating system it detects.
Regardless of what OS is present, however, the malware's subsequent behavior is the same -- it downloads additional files from a remote server and creates a backdoor on an infected machine. Interestingly, the Mac OS version is a PowerPC binary, which means that Intel-based Macs are immune in most cases.
According to the researchers, the backdoor may have been created with a freely available penetration testing suite known as the Social-Engineer Toolkit.
The malware, which F-Secure has dubbed GetShell.A, is unusual in a couple of ways. First, attacks against Linux are relatively rare in and of themselves. While some experts say that this is due largely to the framework's comparatively small user base -- at least, in terms of desktop users -- others argue that Linux is intrinsically more difficult to compromise than Mac OS and Windows. What's more, malware that targets multiple platforms at once is uncommon, though it does happen.
Nevertheless, CNET blogger Topher Kessler wrote that it's far from the most dangerous malware on the Web. He says that it's likely that the backdoor is the brainchild of less technically gifted hackers, and noted that the aforementioned PowerPC oversight would dramatically limit the malware's effectiveness against Macs.
Email Jon Gold at firstname.lastname@example.org and follow him on Twitter at @NWWJonGold.
Read more about wide area network in Network World's Wide Area Network section.
This story, "Linux vulnerability found in Web exploit" was originally published by Network World.