Wubi

Cross-platform Trojan : Mac, Windows, Linux - Nothing safe !


Security researchers working for F-Secure have found a web exploit that detects the operating system of the computer and drops a different trojan to match. The attack was first seen on a Colombian transport website which had been hacked by a third party. This malware is known as GetShell.A and requires users to approve a Java applet installation.

It detects if you're running Windows, Mac OS X, or Linux, and then downloads the corresponding malware for your platform. The malicious files developed for each type of OS connect to the same Command & Control server that F-Secure has localized at IP address 186.87.69.249.

Karmina Aquino, a senior analyst with F-Secure, said: "All three files for the three different platforms behave the same way. They all connect to 186.87.69.249 to get additional code to execute. The ports are 8080, 8081, and 8082 for OSX, Linux and Windows, respectively."

On the upcoming 29th July 2012, security researchers Sina Hatef Matbue and Arash Shirkhorshidi are going to present "Graviton Malware", which is cross-platform malware, at 'The Hackers Conference 2012'. The purpose of 'graviton' is to become an artificial creature which can move between the world of windows, the world of apples, and the world of empire penguins, etc. and remain stealthy.

The Windows one sends the following information back to the remote attacker: CPU details, Disk details, Memory usage, OS version, and user name. The Trojan can also download a file and execute it, or open a shell to receive commands. 'Graviton' is a combination of pure 'C' and 'asm'.

The Hackers Conference 2012 is expected to be the first open gathering of Blackhat hackers in India who will debate the latest security issues with the top intelligence echelons in India. The conference has sent special invites to Blackhat hackers to come and demonstrate their talent and help the security agencies bridge the knowledge gaps existing today. You can register yourself here to attend THC2012.

http://thehackernews.com/2012/07/cross-platform-trojan-mac-windows-linux.html

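A defender's check for the indicators quoted in the post above, as an added example that is not part of the original post or of F-Secure's analysis: it scans outbound connection logs for the C2 address and uses the destination port to infer which platform variant is calling home. The log format, the sample lines and the function name are constructed for illustration.

```python
import re

# Indicators from the F-Secure statement quoted in the post.
C2_IP = "186.87.69.249"
PORT_TO_VARIANT = {8080: "OSX", 8081: "Linux", 8082: "Windows"}

# Assumed (constructed) log format: "<timestamp> <src> -> <dst>:<port> <proto>"
LINE_RE = re.compile(
    r"^(?P<ts>\S+)\s+(?P<src>[\d.]+)\s+->\s+(?P<dst>[\d.]+):(?P<port>\d{1,5})\s+\w+$"
)

# Constructed sample lines; internal hosts and other destinations are made up.
SAMPLE_LOG = """\
2012-07-12T09:14:02Z 10.0.0.21 -> 186.87.69.249:8082 tcp
2012-07-12T09:14:05Z 10.0.0.21 -> 192.0.2.10:80 tcp
2012-07-12T09:15:40Z 10.0.0.37 -> 186.87.69.249:8080 tcp
2012-07-12T09:16:11Z 10.0.0.37 -> 186.87.69.249:8080 tcp
2012-07-12T09:17:00Z 10.0.0.44 -> 186.87.69.249:443 tcp
2012-07-12T09:17:30Z 10.0.0.52 -> 186.87.69.24:8081 tcp
truncated or malformed line
"""


def find_c2_contacts(log_text):
    """Group connections to the C2 address by internal source host."""
    hits = {}
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        # Compare the parsed field exactly so 186.87.69.24 is not a false hit.
        if not m or m["dst"] != C2_IP:
            continue
        # Any contact with the C2 is reported; the port only names the variant.
        variant = PORT_TO_VARIANT.get(int(m["port"]), "unknown")
        host = hits.setdefault(
            m["src"], {"variants": set(), "first_seen": m["ts"], "count": 0}
        )
        host["variants"].add(variant)
        host["first_seen"] = min(host["first_seen"], m["ts"])  # ISO-8601 sorts as text
        host["count"] += 1
    return hits


if __name__ == "__main__":
    for src, info in sorted(find_c2_contacts(SAMPLE_LOG).items()):
        print(src, sorted(info["variants"]), info["first_seen"], info["count"])
```

A host that shows up with a variant different from its actual operating system, or with "unknown", is still worth triage, since any traffic to the address is the indicator and the port only hints at the payload.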

After centuries, the "bad guys" are thinking ahead...

It doesn't look very professional, but it's well thought out: "The Trojan can also download a file and execute it, or open a shell to receive commands. 'Graviton' is a combination of pure 'C' and 'asm'.", which doesn't sound bad at all. :-?


That code doesn't really look like code written by professionals, and it's only a small part of the code.

They use the String class too much when they could use StringBuilder.

When the contents of a string are modified, the data is actually deleted from the heap and another memory area is created for the new data => quite inefficient for more complicated operations. And then you hear them saying things like "Java is slow".

That's why StringBuilder is used, because it doesn't delete the memory area in the VM but acts like a pointer from the stack area to the heap, and only the value in memory referenced by the builder is replaced.

Maybe they do better in C or ASM. :-??
