Researchers at Kaspersky have lifted the lid on a multi-platform botnet written in Java targeting machines running Windows, Mac OS, and Linux.
The attackers exploit CVE-2013-2465, an unspecified vulnerability in the Java Runtime Environment affecting Java SE 7 Update 21 and earlier, Java 6 Update 45 and earlier, 5 Update 45 and earlier, and OpenJDK 7. The vulnerability can be exploited from both Java Web Start applets and sandboxed Java, and the bot configures itself to run at boot time.
Threat actors control the botnet over IRC to carry out DDoS attacks against victims via HTTP or UDP floods. They can also target a specific IP address and port, and vary the duration and volume of attack threads.
Oracle patched the vulnerability in June 2013, yet this botnet marches on. That is yet more evidence that enterprises do not (or, more likely given their current technology, cannot) manually scan their network traffic logs for signs of suspicious or unauthorized traffic.
And while in the past achieving this key network security objective was resource intensive and cost prohibitive, Seculert customers enjoy an affordable, scalable, automated, and comprehensive solution that includes 24/7 botnet protection.