The Mudcat Café TM
Thread #146550   Message #3393203
Posted By: JohnInKansas
21-Aug-12 - 11:01 AM
Thread Name: Tech: Info on Malware for All.
Subject: Tech: Info on Malware for All.
Although the "news" is about a month old, it's still something of which ALL kinds of users should be aware:

Web-based malware determines your OS, then strikes

F-Secure

New malware that is spread via the Web, and is operating system-agnostic, has been discovered by researchers at F-Secure.

The malware uses social engineering by showing this "warning" (top version shown here is for Windows, the bottom is for Mac) when a user visits the tainted page and gets the "warning." [images at the link]

It doesn't matter which operating system you're using, says F-Secure; the file first "checks if the user's machine is running in Windows, Mac or Linux then downloads the appropriate files for the platform."

The payload? "Once it has found out which operating system you are running, the Java class file will download the appropriate flavor of malware, with the intention of opening a backdoor that will give hackers remote access to your computer," writes Sophos Security's Graham Cluley on that company's blog.

Topher Kessler of CNET's Blog Network notes that if "at any point you see a program, applet, or other resource attempt to use a self-signed certificate, then be sure you personally trust the source before using it (i.e., it is from a server you own or manage)."

Legitimate vendors will "use certificates signed by an authority like VeriSign, which authenticates to the root certificates in your system to ensure applets and other transactions with the service are legitimate and secure," he writes.

Cluley notes that this "isn't, of course, the first cross-platform malware that we have seen. For instance, in 2010 we saw the Boonana malware which similarly used a malicious Java applet to deliver a cross-platform attack that attempts to download further malware on Windows, Unix and Mac OS X."

With more malware attacks on Apple's OS in the past year, and ongoing strikes against Windows-based systems, "although the amount of malware written for different operating systems can vary, it's becoming increasingly hard to argue on any OS that it's safe to surf the Web without anti-virus protection," Cluley wrote. And it's hard to argue with that.

[end quote]

Note that this is the second fairly recent exploit that attacks ALL OPERATING SYSTEMS, and that has been in wide enough circulation to merit serious concern. While the malware probably has to include separate payload versions for each OS, the ability to determine what OS you're running is pretty simple, and Java (and some other "new" stuff people are experimenting with) probably makes it simpler for even the "script kiddies" to come up with this kind of attack. Expect more of the same.

Safe browsing habits are important for all, and are the "first line of defense." For those people who don't believe they need anti-malware defenses, AT THE VERY MINIMUM they should find a place to get a good AV scan and know how to get to it if their machine ever shows signs of being infected. And remember that an AV program is useless unless it's kept up to date, or can be downloaded "new and current" when needed.

A different malware form has also been reported recently that "steals all your information and then deletes everything" that is particularly malicious; but at present it's been found almost exclusively in "Arab countries" and hasn't been considered much of a threat in western regions. Since most malware takes extreme measures to avoid detection, the purpose of this one - which makes it rather obvious when an attack has occurred - is still mostly unknown. The biggest hazard with it is that it only needs to get on a few machines that "talk to" machines in other places in order to spread everywhere, so watching for further reports is probably a good idea.

John