Cross-Platform Java Exploit Discovered

We always feared it could be possible, but hoped it would never come true.

Well, the day has finally arrived, people. Batten down the hatches and get ready for another typhoon of malware to start flowing through the gates of Java, as hackers have finally discovered a method of attacking every possible OS (Windows, Mac OS X, and Linux) with only one solitary piece of code.

The researchers at Kaspersky Lab who discovered the bug have reason to believe its creators went to great lengths to achieve a true multi-platform crack, and suspect that whoever's behind it is not your average gathering of script kiddies.

Oracle first discovered the weakened portion of their program, and were kind enough to name it CVE-2013-2465 before informing everyone the pathway was “easily exploitable” by anyone who might have some spare time and an interest in making a bit of money on the black market.

This new strain of malware is capable of running freely on a sandboxed version of Java or the Java Web Start applet, leaving both perfectly vulnerable to a run-of-the-mill drive-by attack. The nuts and bolts of the bot itself remain encrypted under lock and key by the Zelix KlassMaster standard, so thus far no one has been able to crack in and see exactly how the virus is able to work its magic.

The bot receives all of its inputs via a PircBot Java IRC client, laid on top of an open framework. At this point, all the researchers have been able to gather about the new crack is that its primary mission is to cast a wide net for as many bots as possible, to be repurposed for tasks such as brute-forcing passwords or DDoS attacks, and that it's capable of automatically designating specific IP addresses and deciding where to allocate resources.

Be sure to keep an eye out for any variants of the HEUR:Backdoor.Java.Agent string in your personal antivirus software suite, and be sure to block all ports that PircBot uses to communicate with its central server back home.
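
Blocking ports only helps if you know which ones the bot uses, and the article does not list them. The sketch below, an added example that is not code from the original article or from Kaspersky, flags IRC client registration (`NICK` plus `USER`) in outbound traffic from Java processes on any port, with the conventional IRC ports as a weaker fallback signal; the log format, field names and sample records are constructed for illustration.

```python
import re

# Conventional IRC ports (6660-6669 plaintext, 6697 TLS). Assumption: the
# article does not say which ports this bot uses, so a port is only a hint.
IRC_PORTS = set(range(6660, 6670)) | {6697}
# Commands an IRC client sends when it registers and joins a channel.
IRC_CMD = re.compile(r"^(PASS|NICK|USER|JOIN) \S", re.MULTILINE)
JAVA_NAMES = {"java", "javaw", "javaws"}

# Constructed egress records: process|dst_ip|dst_port|escaped first payload
SAMPLE_LOG = r"""
java|203.0.113.10|6667|NICK bot4821\r\nUSER bot4821 8 * :x\r\n
javaw.exe|198.51.100.7|8080|NICK a91\r\nUSER a91 8 * :a91\r\nJOIN #c\r\n
java|192.0.2.55|443|\x16\x03\x01\x02\x00
firefox|203.0.113.10|6667|NICK alice\r\nUSER alice 8 * :Alice\r\n
java|192.0.2.80|6697|\x16\x03\x01\x02\x00
java|malformed-line
"""

def is_java(process):
    """True when the executable name (path and .exe stripped) is a Java launcher."""
    name = re.split(r"[\\/]", process.lower())[-1]
    return re.sub(r"\.exe$", "", name) in JAVA_NAMES

def scan(log_text):
    """Return (process, dst_ip, port, reason) for Java traffic that looks like IRC."""
    hits = []
    for line in log_text.strip().splitlines():
        parts = line.split("|", 3)
        if len(parts) != 4 or not parts[2].isdigit():
            continue  # skip malformed records rather than crash
        process, dst, port, payload = parts[0], parts[1], int(parts[2]), parts[3]
        if not is_java(process):
            continue
        try:
            text = payload.encode("latin-1").decode("unicode_escape")
        except (UnicodeEncodeError, UnicodeDecodeError):
            text = payload  # keep the raw field if the escapes are broken
        if {"NICK", "USER"} <= set(IRC_CMD.findall(text)):
            hits.append((process, dst, port, "irc-registration"))  # any port
        elif port in IRC_PORTS:
            hits.append((process, dst, port, "irc-port-only"))  # payload unseen or TLS
    return hits

if __name__ == "__main__":
    for hit in scan(SAMPLE_LOG):
        print(hit)
```

The second sample record shows why the protocol check matters: a Java process speaking IRC on port 8080 would pass a port-only block list.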