Malicious Java app infects Mac, Linux systems with DDoS bot

“Criminals are once again using Java’s cross-platform design to add Linux and Mac users to their usual Windows target list, Kaspersky Labs researchers have discovered,” John E Dunn reports for PCWorld.

“The malicious Java application recently unearthed by the firm, HEUR:Backdoor.Java.Agent.a, is only the latest example of the opportunistic trend to use the huge potential of Java to get a malware three-for-one in the cause of turning systems into Distribued Denial of Service bots,” Dunn reports. “Once on the target system after hitting Java flaw CVE-2013-2465 (SE 7 Update 21 and earlier), patched last June, the malware sets up its command and control using IRC. According to Kaspersky, one of the targets on the receiving end of a DDoS attack might be an unnamed bulk email service.”

Dunn reports, “The cross-platform tactic isn’t new and in truth it’s hard to know whether the criminals behind it are more interested in attacking Linux and Macs or simply targeting Java’s numerous vulnerabilities on the greatest number of systems.”

Read more in the full article here.

[Thanks to MacDailyNews Reader “Fred Mertz” for the heads up.]


  1. I have 1 app that is irreplaceable and requires java, I use netbeans every now and then too.

    Enable java
    sudo chmod 755 /System/Library/Java/JavaVirtualMachines/
    Disable Java
    sudo chmod 000 /System/Library/Java/JavaVirtualMachines/

    All in all, java is a disgusting abomination that is the scourge of the web, shame people still use it. Not sure why python hasn’t killed it yet

    1. Keep in mind that if you’re NOT running Java in a web browser, you’re not going to run into most of the Java exploits. It’s the crap Oracle Java Internet plug-in that’s most dangerous and worth trashing.

      As for non-web Java applications, you’re probably fine! Just be certain you have verified the source of the software is safe.

      Don’t ever run any ‘mystery’ Java software or you’re asking for trouble. Oracle has destroyed Java sandboxing and I doubt it will ever be fixed.

  2. I was just on a humor photo website yesterday when a pop up window appeared (twice) informing me of a Java update. I ignored them and closed them both times, but I found out a little bit later that the site had done some redesign… so I thought it was possible it was legit notice. Now I’m not so sure.

    1. Oracle has a FAQ page about Java for Mac:

      Why will Applets not run after getting Java through Apple Software Update?
      Apple disables the Java plug-in and Webstart applications when the Java update is done using Software Update. Also, if the Java plug-in detects that no applets have been run for an extended period of time it will again disable the Java plug-in.

      As per Apple’s recent crap documentation team, (and yes, I’ve ranted at Apple about this many times), they have NOT provided any single coherent document about what they’ve done with the Java in recent versions of Safari. (If someone finds such a document, please link it here!) Instead, there is a scattered set of sort-of relevant documents at their website. I’ll link some below.

  3. Saw this on the discussion group attached to the article. Hope it helps. From Marcus77

    “What is the purpose of this piece?

    Is the purpose to warn the public of a significant malevolent Java threat, or is it something else?

    Is the purpose of the article to highlight those platforms affected, or is an attempt at something else?

    Java does not run as root on a well formed gnu/Linux system, if Java runs on a Gnu/Linux system at all. (same goes for Macs too).

    Java cannot do the types of things suggested by this article unless its running as root, and unless it has not been patched.

    Microsoft products are the only products that allow incoming scripts to run by default (maybe just because they are named correctly) . Macs and Gnu/Linux do not suffer from this kind of insanity.

    Is the point of the article (and all similar) to implicate Macs and Gnu/Linux in an all-to-common scenario of malware attacks Microsoft OS again… ?

    This scenario is not showing up in the wild on Gnu/Linux distros nor Macs. So, what is the point of the article?


  4. The gang of Mac security writers and researchers I belong to went over this ‘malware’ and came to this conclusion, so far:

    “HEUR:Backdoor.Java.Agent.a” is a GENERIC name used to describe something the heuristics engine of the anti-malware app found while running. It does NOT represent actual software/malware. As far as we can tell, there is no specific software/malware implicated. IOW: This may be merely a misidentification error. If we see this ‘malware’ given an actual name, then we’ll know its more than vaporware.

    Meanwhile: If you’re using an old version of Java, for whatever reason, and you computer is connected to the Internet, you’re crazy.

    Java is the single most dangerous software Mac users can install and run on their machines. Just Say No To Java.

    But if you’re forced to use Java, be certain it is as up-to-date as possible. Here is where you check:

    If you have Java installed and you’d like to disable the dangerous Internet plug-in, here is where to find it so you can trash it:

    /Library/Internet Plug-Ins/JavaAppletPlugin.plugin

    And keep in mind that Apple’s most recent versions of Safari prevent anything Java from loading until you, the user, approve it running. IOW: No more drive-by Java malware infections. Firefox also disables the Java plug-in entirely by default. You have to personally activate it to use it. Do don’t activate it.

  5. Mac OS X 10.9.1 Safari 7.0.1

    Open Safari Preferences:internet plug-ins:Manage Website settings.

    Select “questionable app.” and tell what actions to perform on what websites (Allow, Block, etc.)

    Assuming it works as depicted, very simple.

Reader Feedback

This site uses Akismet to reduce spam. Learn how your comment data is processed.