Java Bot Software Could Signal New Vector For Malware Authors

Published: 22/11/2024   Category: security




Flexible programming language offers some advantages for cybercriminals, researchers say



Pity today's cybercriminal. Sure, attackers can get by focusing on Windows -- but with the increasing market share of Mac OS X and the proliferation of smartphones, one operating system platform just doesn't seem like enough anymore.
Little wonder, then, that one enterprising group has started selling bot software based on the write-once-read-anywhere Java programming platform. Last week, McAfee published details of the software, dubbed Incognito, which the company's customers have encountered in the wild. The bot software is fairly standard fare, but the majority of its components are written in Java.
The move is likely a reaction to the increase in smartphones, such as Apple's iPhone and those running numerous versions of Google's Android operating system. Combined with Apple's expanding share of the personal computer market -- accounting for approximately one of every six computers in many nations -- this new trend makes a Windows-only approach less appealing for profiteers and criminals.
"It is a tablet world right now; it is a mobile world right now," says David Marcus, director of security research and communications for McAfee. "And that's where the bad guys are going to go because that is where the good guys are going. So this is about portable code."
Java is most famous for its goal of "write once, run anywhere." With an expanding number of important platforms, malware developers could be delving into the possibilities of Java-based programs, Marcus says.
Incognito does not forge much new ground in terms of functionality. The bot software uses available Java libraries to allow an attacker to view an infected machine's screen via screen capture and control the mouse and keyboard. In addition, the bot software can play video and MP3 files, as well as capture images from a compromised system's webcam.
Because it's a relative rarity, Java-based malware could have success evading detection, said Carlos Castillo, a McAfee malware researcher who analyzed Incognito, in an email interview.
"Stand-alone Java malware could be successful for targeted attacks because there is not much Java malware detected in the wild that we are seeing today," Castillo says.
Incognito is not the first time malware developers have used Java. Nearly a decade ago, attackers used a Java applet, Sentinel, to help portscan other computers for specific vulnerabilities and another, AntiURL, to launch denial-of-service attacks on websites.
Java-based malware is most useful for creating applets that can remotely take actions on the attacker's behalf, rather than stealing data from the victim's PC. For example, for the attacker to take control of an infected PC using Incognito, the victim must be fooled into allowing the remote software to communicate.
"Java has a pretty robust sandboxing technology, so any code is still being executed inside the Java runtime and the Java sandbox," says Gunter Ollmann, vice president of research for network protection firm Damballa. "It is much more difficult to break out of the sandbox and take control of the computer itself."
Ollmann expects Java trojans to still have utility for attackers, but not in the same way as many other bot programs. Using a victim's computer as part of a denial-of-service botnet is one possibility; another is using compromised computers to fuel affiliate-based scams.
"It could be used as a way to advance click fraud or other online fraud, where the code is executing on the computer and impersonating a user from that IP address," Ollmann says. "The bad guys can then monetize those automated actions for their benefit."
There are drawbacks to Java: System differences make the portability problematic on some operating systems. Moreover, Java usage appears to be declining, to 77 percent of systems, according to one estimate based on browsers.
Many security professionals argue that the decline of Java, which has been compromised in the past, is good for security. While sandboxing enhances Java's security, updating the software has been difficult -- leaving behind vulnerable versions on many systems, says Chester Wisniewski, senior security adviser for antivirus firm Sophos.
"I'm personally on an anti-Java tirade," he says. "It's time to take Java off your darn computer."