We have seen similar incidents in the past, may it be ad-related such as the Yahoo! incident, or directly involving the Java platform. It has been reported that a Java-based malware bot is currently ‘roaming’ around, infecting all three major operating systems: Windows, Mac OS X and Linux.
Researchers have revealed a fragment of botnet malware that is capable of infecting the latter mentioned OSes, being a cross-platform HEUR:Backdoor.Java.Agent.a, having been reported in a blog post published by Kaspersky Lab. It reportedly takes control of computers by exploiting CVE-2013-2465, a critical Java vulnerability which Oracle patched last June.
The Java vulnerability is said to be present on Java 7 Update 21 and earlier versions. Once the malware has infected the computer, it copies itself to the autostart directory of its respective platform to ensure it runs at every startup. Compromised computers then report to an Internet relay chat channel that acts as a command and control server.
It is reportedly designed to generate Distributed-Denial-of-Service, or DDnS, which targets the attacker wants to designate as a ‘target’, having it packed with ‘features’ such as setting the IP address, port number, intensity, and duration of attacks. The malware is said to be written entirely in Java, allowing it to run on Windows OS X and Linux machines. To make matters even worse, the bot incorporates PircBot, an IRC programming interface based on Java.
In addition to all that, the malware also is said to use Zelix Klassmaster obfuscator to prevent it from being reverse engineered by whitehat and competing blackhat hackers. Apart from obfuscating bytecode, Zelix encrypts some of the inner workings of the malware. It is extremely recommended to update to the latest Java 7 Update 51 found on Oracle’s official website here.