Cybercrooks have begun deploying a web exploit which detects whether the victim is running Windows, Mac OS or Linux before firing an appropriate Trojan.
The multi-platform backdoor was found on a Colombian Transport site by security researchers at F-Secure. The backdoor uses a JAR (Java ARchive file) to figure out if a user's machine is running Windows, Mac OS or Linux before downloading the appropriate files for the platform.
Surfers are tricked into agreeing to accept a malicious file under the guise that it is merely a benign applet.
All three malicious files are programmed to connect to a server in order to download additional components. No additional components were actually downloaded at the time F-Secure warned of the attack in a blog post on Monday afternoon.
F-Secure has reported both the command-and-control server and the hacked website to the appropriate authorities.
Attacks that attempt to figure out whether a surfer is using a Mac or a Windows machine before slinging exploits have been seen in a few cases in the past, mostly in association with scareware scams. Such dual-platform attacks remain rare. Multi-platform attacks are rarer still, hence the significance of F-Secure's find. ®