03 Nov 2012  
A Guy

Jacksbot Java malware can take control of Windows, Mac, and Linux

Two weeks ago, Mac security software company Intego discovered malware which it classified as “a new Java backdoor trojan called Java/Jacksbot.A.” New threats are discovered all the time, but Intego later concluded that even though Jacksbot is a variant of the Java remote access tool (RAT) created by the jailbreaking group Redpois0n, it can target multiple platforms.

New Multiplatform Backdoor Jacksbot Discovered

A new Java backdoor trojan called Java/Jacksbot.A has been discovered that has partial multiplatform support. It is fully functional on Windows, and partially functional on OS X and Linux. This trojan is currently considered low risk as it is not known to have infected users, and it does not run without root permissions. Jacksbot has the usual backdoor functionality, including the following capabilities:
gathering system information
taking screenshots
performing denial of service attacks
deleting files
stealing passwords (including specifically Minecraft passwords)
visiting remote URLs, likely to perform Clickfraud

JACKSBOT Has Some Dirty Tricks up Its Sleeves

Contrary to initial reports, JACKSBOT may not be as low risk as initially thought. We noted some JACKSBOT infection in the wild, indicating that the people behind this multiplatform malware are saving their best tricks for last.

We analyzed the JACKSBOT backdoor family (specific detection name JAVA_JACKSBOT.A) that arrives as a Java application. Because it is a Java application, it can run on any platform that supports the Java Runtime Environment. When it was first reported, it was considered low risk and no actual infection was recorded. However, days after the report was released, Trend Micro successfully cleaned two infection counts: one in Australia and one in Malaysia. This indicates that the malware is now being distributed in the wild.

There is a possibility that this malware presents itself as a Minecraft modification to unsuspecting users as it contains the special command “MC” for stealing Minecraft passwords from the compromised system.
