02-01-2014 11:13 AM
Criminals are once again using Java’s cross-platform design to add Linux and Mac users to their usual Windows target list, Kaspersky Labs researchers have discovered.
The malicious Java application recently unearthed by the firm, HEUR:Backdoor.Java.Agent.a, is only the latest example of an opportunistic trend: exploiting Java's cross-platform reach to get a malware three-for-one by turning systems into Distributed Denial of Service bots.
Once it has reached a target system by exploiting Java flaw CVE-2013-2465 (affecting SE 7 Update 21 and earlier, patched last June), the malware sets up its command and control over IRC. According to Kaspersky, one of the targets on the receiving end of a DDoS attack might be an unnamed bulk email service.
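Since the only infection route described above is an exploit against an unpatched Java 7 runtime, the first thing an administrator will want is a quick way to tell whether a given installation falls inside the vulnerable range the article states (SE 7 Update 21 and earlier). The script below is an added example written for this page, not code from Kaspersky or from the article; it assumes the legacy `java -version` banner format (`"1.7.0_21"`) and deliberately reports only on the Java 7 range the page mentions, returning `None` for any other major release rather than guessing about versions the page does not cover.

```python
import re
import subprocess

# Last vulnerable Java SE 7 update as stated in the article (CVE-2013-2465: 7u21 and earlier).
# Other major releases are outside what the page states, so the check does not rule on them.
LAST_VULNERABLE_UPDATE_BY_MAJOR = {7: 21}

# Matches both the legacy "1.7.0_21" form and newer "11.0.2" / "9" forms of the banner.
VERSION_RE = re.compile(r'version "(\d+)(?:\.(\d+))?(?:\.(\d+))?(?:_(\d+))?')


def parse_java_version(banner):
    """Return (major, update) from `java -version` style output, or None if no version is found.

    Legacy banners encode the major release as the second field ("1.7.0_21" -> major 7);
    newer banners put it first ("11.0.2" -> major 11, update 0).
    """
    m = VERSION_RE.search(banner)
    if not m:
        return None
    first, second, _patch, update = m.groups()
    major = int(second) if int(first) == 1 and second is not None else int(first)
    return major, int(update or 0)


def is_vulnerable_to_cve_2013_2465(banner):
    """True  -> Java SE 7 at Update 21 or earlier (unpatched range from the article).
    False -> Java SE 7 at a later update (patched).
    None  -> a major release the article does not cover; no verdict is made.
    """
    parsed = parse_java_version(banner)
    if parsed is None:
        raise ValueError("could not parse a Java version from the banner")
    major, update = parsed
    last_bad = LAST_VULNERABLE_UPDATE_BY_MAJOR.get(major)
    if last_bad is None:
        return None
    return update <= last_bad


def check_installed_java():
    """Run the local `java -version` (which prints to stderr) and classify it; None if absent."""
    try:
        proc = subprocess.run(["java", "-version"], capture_output=True, text=True, check=False)
    except FileNotFoundError:
        return None
    return is_vulnerable_to_cve_2013_2465(proc.stderr + proc.stdout)


if __name__ == "__main__":
    # Constructed sample banners, not captured from any real host.
    for sample in ('java version "1.7.0_21"', 'java version "1.7.0_25"', 'openjdk version "11.0.2"'):
        print(sample, "->", is_vulnerable_to_cve_2013_2465(sample))
    print("local runtime ->", check_installed_java())
```

The threshold is kept in a small table rather than hard-coded so that the same check can be extended to other releases once their fixed update levels are confirmed from a vendor advisory; until then the function says nothing about them instead of returning a false negative.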
The malware has also been run through the Zelix Klassmaster obfuscator, a technique meant to frustrate analysis.
“In addition to obfuscating bytecode, Zelix encrypts string constants. Zelix generates a different key for each class—which means that in order to decrypt all the strings in the application, you have to analyze all the classes in order to find the decryption keys,” said Kaspersky Lab researcher, Anton Ivanov.