New malicious Java app aims to infect Mac and Linux systems

It’s a long held belief that unless you are using the Windows platform, you are more or less immune to the average virus, trojan, or hack that you might encounter out in the wilds of the internet. There is some truth to the notion that Windows is more vulnerable to attacks, but there really is no such thing as safe, only safer. Check out this article on How-To Geek for a historical perspective on Windows’ malware woes. While Linux and OS X have more inherent defenses against infection, there are still some avenues that hackers can take advantage of to breach them, one of them being Java.

What is this Java you speak of?

Java is a programming language that developers can use to create programs that can run on any platform. Occasionally, someone will create a stand-alone program using Java for the sake of having it run on any machine, without having to develop a separate version to run on each platform. To the user, it looks and acts like any other application on their computer. Seems very handy doesn’t it? These programs aren’t the problem. More frequently, a web page will use Java to run a game or application from the web locally on your computer, generally within a browser window. These “applets” trigger Java on your computer which opens a “runtime environment” on your computer. Think of it like an empty application that launches from your hard drive and then waits for the programming that tells it what to do to be downloaded from somewhere out on the internet. Some of the advantages are, again, not having to program for each separate platform, updates are applied immediately guaranteeing everyone is using the same version, companies (for example) can run more complex programs that are integrated with their web sites.

So what is the problem if it’s so great?

Unfortunately, the Java plug-in for web browsers has a well known history of security problems, not the Java language itself. The company that maintains Java, Oracle, distributes updates to secure these vulnerabilities, but it sometimes takes a while before the update is available. Apple itself, a stickler for security, recently stopped development of its own flavor of Java (based on Oracle’s code) that was automatically installed with OS X, and went so far as to supply Mac users with an update that removed their Java components citing scheduling conflicts with Oracle’s updates. This required users who needed it to manually download and install the Java software from Oracle. In many cases, users that have never needed Java probably do not have it installed, but if it is you can follow these instructions to disable it.

Ok, thanks for the lesson, so what about this new problem?

What? Oh yes, that. Kaspersky Labs, a Russian company that develops software security products recently discovered a new variant of Java application that they labeled HEUR:Backdoor.Java.Agent.a. You can read the mind-spinning details here. Although malware written in Java is not new or uncommon, it appears that this “bot” may have been specifically been designed as a “3 for 1” attack, targeting Windows, Linux, AND OS X. The question on watchers’ minds is whether this is typical, yet opportunistic, piece of malware; or perhaps a new growing trend to aim for as many platforms as possible. No answers yet, but be on the lookout for an update to Java, or else disable it (at least for now) if you want to protect yourself.