“Criminals are once again using Java’s cross-platform design to add Linux and Mac users to their usual Windows target list, Kaspersky Labs researchers have discovered,” John E Dunn reports for PCWorld.
“The malicious Java application recently unearthed by the firm, HEUR:Backdoor.Java.Agent.a, is only the latest example of the opportunistic trend to use the huge potential of Java to get a malware three-for-one in the cause of turning systems into Distribued Denial of Service bots,” Dunn reports. “Once on the target system after hitting Java flaw CVE-2013-2465 (SE 7 Update 21 and earlier), patched last June, the malware sets up its command and control using IRC. According to Kaspersky, one of the targets on the receiving end of a DDoS attack might be an unnamed bulk email service.”
Dunn reports, “The cross-platform tactic isn’t new and in truth it’s hard to know whether the criminals behind it are more interested in attacking Linux and Macs or simply targeting Java’s numerous vulnerabilities on the greatest number of systems.”
Read more in the full article here.
[Thanks to MacDailyNews Reader “Fred Mertz” for the heads up.]