Security researchers have found a live Web exploit that detects if the target is running Windows, Mac OS X, or Linux and drops a different trojan for each platform.
The attack was spotted by researchers from antivirus provider F-Secure on a Columbian transport website, presumably after third-party attackers compromised it. The unidentified site then displayed a signed Java applet that checked if the users computer is running Windows, Mac OS X, or Linux. Based on the outcome, the attack then downloads the appropriate files for each platform.
“All three files for the three different platforms behave the same way,” the researchers wrote in a blog post. “They all connect to 220.127.116.11 to get additional code to execute. The ports are 8080, 8081, and 8082 for OS X, Linux, and Windows respectively.”