Researchers at F-Secure have
uncovered a new exploit that attempts to install a backdoor malware program on Windows, Linux, and OS X machines. As with other malware, this uses social engineering approaches to try tricking users, but in addition it runs a check to see what operating system the user is running and then issues a malware installer for that platform.
The attack was found on a Columbian transport Web site, where once visited, a Java applet would run using a self-signed certificate. On all platforms this certificate will flag a warning that notifies the user it is not from an authorized signing agency, but if the user continues to execute the Java applet then it will download a binary for the respective platform, which will connect to a server and download additional components of the attach, using TCP ports 8080 for OS X, 8081 for Linux, and 8082 for Windows.
