Linux vulnerability found in Web exploit

A hacked Colombian Transport website has been rigged to deliver a malware payload that is able to target Mac OS, Windows and even Linux systems, according to a report from F-Secure.

MORE SECURITY: Smartphone, tablet security and management guidelines on tap from NIST

Users will see a certificate warning, telling them that the website is attempting to run a signed applet with an invalid signature. If that warning is bypassed, F-Secure says, the malware checks the victim's computer, and downloads different malicious files based on what operating system it detects.

Regardless of what OS is present, however, the malware's subsequent behavior is the same -- it downloads additional files from a remote server and creates a backdoor on an infected machine. Interestingly, the Mac OS version is a PowerPC binary, which means that Intel-based Macs are immune in most cases.

According to the researchers, the backdoor may have been created with a freely available penetration testing suite known as the Social-Engineer Toolkit.

The malware, which F-Secure has dubbed GetShell.A, is unusual in a couple of ways. First, attacks against Linux are relatively rare in and of themselves. While some experts say that this is due largely to the framework's comparatively small user base -- at least, in terms of desktop users -- others argue that Linux is intrinsically more difficult to compromise than Mac OS and Windows. What's more, malware that targets multiple platforms at once is uncommon, though it does happen.

Nevertheless, CNET blogger Topher Kessler wrote that it's far from the most dangerous malware on the Web. He says that it's likely that the backdoor is the brainchild of less technically gifted hackers, and noted that the aforementioned PowerPC oversight would dramatically limit the malware's effectiveness against Macs.

Email Jon Gold at jgold@nww.com and follow him on Twitter at @NWWJonGold.

Read more about wide area network in Network World's Wide Area Network section.

This story, "Linux vulnerability found in Web exploit" was originally published by NetworkWorld.

Insider: How the basic tech behind the Internet works
Join the discussion
Be the first to comment on this article. Our Commenting Policies