Beta
×

Welcome to the Slashdot Beta site -- learn more here. Use the link in the footer or click here to return to the Classic version of Slashdot.

Thank you!

Before you choose to head back to the Classic look of the site, we'd appreciate it if you share your thoughts on the Beta; your feedback is what drives our ongoing development.

Beta is different and we value you taking the time to try it out. Please take a look at the changes we've made in Beta and  learn more about it. Thanks for reading, and for making the site better!

Web Exploit Found That Customizes Attack For Windows, Mac, and Linux

Soulskill posted more than 2 years ago | from the making-everyone-feel-special dept.

Security 204

phaedrus5001 writes with this quote from Ars: "Security researchers have found a live Web exploit that detects if the target is running Windows, Mac OS X, or Linux and drops a different trojan for each platform. The attack was spotted by researchers from antivirus provider F-Secure on a Columbian transport website, presumably after third-party attackers compromised it. The unidentified site then displayed a signed Java applet that checked if the user's computer is running Windows, Mac OS X, or Linux. Based on the outcome, the attack then downloads the appropriate files for each platform."

cancel ×

204 comments

Sorry! There are no comments related to the filter you selected.

Columbian transport website? (4, Funny)

Kenja (541830) | more than 2 years ago | (#40605121)

Is that where the "domestic pharmaceutical procurement facilitators" meet?

Re:Columbian transport website? (2, Informative)

Anonymous Coward | more than 2 years ago | (#40606523)

This is an open source tool called SET its used for penetration testers -- Applet code here -- https://svn.secmaniac.com/social_engineering_toolkit/src/webattack/java_applet/

Blah (5, Funny)

mystikkman (1487801) | more than 2 years ago | (#40605125)

When are the malware writers going to support BSD?

Re:Blah (1)

leaen (987954) | more than 2 years ago | (#40605165)

They do not support HURD

Re:Blah (4, Informative)

AliasMarlowe (1042386) | more than 2 years ago | (#40606365)

They don't even support Linux properly. Even if it's actually effective on Linux, you'd have to explicitly agree to run the exploit and then type in your password to install the stupid thing. And that would only work if you're in the sudoers group or logged in as root; otherwise, it's no go. What kind of malware is that???

Interesting note: although example screenshots were given for the malware on Windows and OSX, there were none for Linux. Maybe it does not work at all on Linux, and the code people are foaming over is just a leftover fragment for identifying the client OS.

Re:Blah (0, Offtopic)

sconeu (64226) | more than 2 years ago | (#40605237)

Never. Netcraft has confirmed it... BSD is dead.

Re:Blah (3, Interesting)

Gerzel (240421) | more than 2 years ago | (#40605995)

No it isn't. The largest BSD distro is Machintosh!

Re:Blah (1)

sconeu (64226) | more than 2 years ago | (#40606535)

Whoosh.

Re:Blah (1)

MickyTheIdiot (1032226) | more than 2 years ago | (#40605525)

They don't support Plan 9? What BS.

Re:Blah (2)

scialex (1283788) | more than 2 years ago | (#40606239)

We'll show them; The year of the Plan-9 desktop is at hand.

Re:Blah (3, Informative)

kiriath (2670145) | more than 2 years ago | (#40605583)

Well, OS X is built on BSD so technically they kinda do?

Re:Blah (5, Interesting)

hairyfeet (841228) | more than 2 years ago | (#40606119)

The sad part is the BSD guys would write them a thank you note for bothering to remember them.

So can we ALL just accept now there is no "Magical OS" that makes one immune from malware please? All OSes are EXTREMELY complex piles of code, having to support tens of thousands of drivers, scheduling and tasking, hell I doubt even Linus can tell you when you launch program Foo every single interaction that is taking place in the system, there is simply more there than any one person can know.

Now that the retard that made XP run by default as admin has been sent packing on the short bus all three major OSes have limited users, hell Windows even has the browser run as a low rights entity to help lower the risk. Now that all three major OSes have common sense defaults ultimately it all comes down to the USER and whether they will take the time to actually think or will simply allow anything to run. I've seen it a billion times in the shop, a fully patched and AVed machine get infected NOT because of the OS but because it was the USER that refused to listen to the warnings being given him/her and choosing instead to run it anyway.

At the end of the day the only foolproof way to get rid of malware is to take away the user's right to control their own machine, to instead stick them in a walled garden where only approved apps get run. i think we can all agree having some corporation own our machines would be a BAD thing so all we can do is warn users, try to make ever hardened systems, and be ready to clean up the messes when they happen. After Android became a hit it was only a matter of time before Linux got put in the crosshairs and now that day appears to be here and I for one will be interested to see how the community reacts.

lol (0, Informative)

Anonymous Coward | more than 2 years ago | (#40605145)

Java !

lol (-1)

Anonymous Coward | more than 2 years ago | (#40605941)

Your face !

COLOMBIAN....not "Columbian" (2, Informative)

Anonymous Coward | more than 2 years ago | (#40605179)

Please learn how to spell.

Re:COLOMBIAN....not "Columbian" (2, Informative)

Anonymous Coward | more than 2 years ago | (#40605321)

Maybe it was a website about the bus lines in Columbia, South Carolina.

Re:COLOMBIAN....not "Columbian" (2)

jsepeta (412566) | more than 2 years ago | (#40606059)

or run by the dedicated fanbois of Christopher Columbus?

Re:COLOMBIAN....not "Columbian" (0, Offtopic)

MightyYar (622222) | more than 2 years ago | (#40605355)

Since you are pedantic and might actually know why you are correcting someone - why is it that we can anglicize certain country names and not others. Why is it perfectly proper to Make Colon's name into Columbus, but the country named after him retains the "o" when spelled in English, even though place names inside of the US with the same origin are spelled with a "u"? We spell Brasil as Brazil, for instance.

Re:COLOMBIAN....not "Columbian" (2)

saveferrousoxide (2566033) | more than 2 years ago | (#40605481)

Because! Damnit. Though I would argue more for spelling proper nouns as the originator would spell them (assuming the phonetics work out -- and the alphabet, but transliteration is a whole different ballgame) since, ya know, it's their name an' all.

Re:COLOMBIAN....not "Columbian" (0)

Anonymous Coward | more than 2 years ago | (#40605855)

Yeah, we germans are deutsch and live in Deutschland. Get it right!

Re:COLOMBIAN....not "Columbian" (0)

Anonymous Coward | more than 2 years ago | (#40606303)

I just hope Colombian people start calling George Bush as Jorge Arbusto and George Washington as Jorge Güachinton.
If American can change the name of everything why the rest of the world can't?

Re:COLOMBIAN....not "Columbian" (0)

Anonymous Coward | more than 2 years ago | (#40605575)

I'd say learn how to READ! The original article seems to have properly spelled the name of the country. I don't know why an editor or poster would have had to change it.

Re:COLOMBIAN....not "Columbian" (3, Informative)

Baloroth (2370816) | more than 2 years ago | (#40605619)

Ironically, "Columbia" is the correct spelling in English (taken from "Columbus"). "Colombia" is the Spanish spelling (taken from "Colón"). Since English doesn't have the "ó", we use a "u" instead. Now, being a proper name you can use either (English is very flexible), but the English spelling is "Columbia".

Re:COLOMBIAN....not "Columbian" (0)

Anonymous Coward | more than 2 years ago | (#40606109)

Care to show any sources to support this statement when referring to the country in South America?

Re:COLOMBIAN....not "Columbian" (5, Informative)

John Hasler (414242) | more than 2 years ago | (#40606139)

Perhaps, but in American "Columbia" refers either to the river or to the district while "Colombia" refers to the nation in South America. "Columbia" is also an archaic term for the USA, as in "Columbia Gem of the Ocean".

Re:COLOMBIAN....not "Columbian" (2)

sosume (680416) | more than 2 years ago | (#40606203)

Wrong. Although both are named after Columbus, the US capital is the District of Columbia, whereas the South American country is Colombia. You have me feeding though.

Re:COLOMBIAN....not "Columbian" (2)

Cinder6 (894572) | more than 2 years ago | (#40605725)

I initially read this as "Coulombian transport website", which had me confused...

Re:COLOMBIAN....not "Columbian" (1)

mcgrew (92797) | more than 2 years ago | (#40606249)

Oh? [wikipedia.org]

Most Macs are probably immune. (0, Informative)

Anonymous Coward | more than 2 years ago | (#40605191)

Mac OS X doesn't ship with Java anymore.

Re:Most Macs are probably immune. (1)

Gr8Apes (679165) | more than 2 years ago | (#40605327)

That'd be news to the millions getting new macs and using Java.

Re:Most Macs are probably immune. (1)

Jesus_C_of_Nazareth (2629713) | more than 2 years ago | (#40605423)

Yeah, all those SAP and Oracle users. Maybe it has wider usage than I'm aware of, but the vast majority of use I see is enterprise. Of course this doesn't mean that it's not a problem. There are plenty of business users who are one step away from using Typex on their screens.

Re:Most Macs are probably immune. (4, Informative)

Yaztromo (655250) | more than 2 years ago | (#40605821)

That'd be news to the millions getting new macs and using Java.

The GP is correct. Apple stopped shipping Java with OS X with the release of Lion.

That said, if you try to run something the requires Java, OS X will offer to download and install it for you. However with the latest OS X updates the Java browser plug-in and Java Web Start are now disabled by default, and have to be explicitly enabled by the user in the Java Preferences app. And if they do explicitly enable it, it will auto-disable itself again if it hasn't been used in some time.

That's a lot of extra hoops to jump through to get this to work on a modern, up-to-date Mac. Then again, the people who develop and propagate malware such as this tend to target those who don't keep their systems up-to-date, ensuring it is still a concern for many users (with those at most risk being the ones least knowledgable to do much about it, or even be aware that anything is wrong).

Yaz

Re:Most Macs are probably immune. (1, Informative)

EliSowash (2532508) | more than 2 years ago | (#40605505)

Eh? How do you figure? Macs run Apple's version of Java...which means, they'd dutifully execute this applet. If you'd have said 'Mac users have to be running Rosetta in order to be infected' I'd give you your street cred back.

Re:Most Macs are probably immune. (2)

beelsebob (529313) | more than 2 years ago | (#40605665)

Macs do indeed run apple's version of java... If you have jumped through the hoops of clicking the "disabled plugin" button that replaces the applet, then typing in your password. Macs absolutely do not have to be running rosetta (a tech that doesn't even exist any more) to get infected, as neither Java, nor the binary delivered is a PPC binary.

Re:Most Macs are probably immune. (1)

Anonymous Coward | more than 2 years ago | (#40605793)

Eh? How do you figure? Macs run Apple's version of Java...which means, they'd dutifully execute this applet.

Because, as the OP said, Macs don't ship with Java anymore. It's not installed by default with the current version of Mac OS. Also, even if the user installs it, recent Mac OS security updates will actually disable it if it is not being actively used.

That is probably why the exploit only bothers to target obsolete versions of the OS X with Rosetta (or on PowerPC hardware.) A version for newer versions of OS X would be blocked before it could even get downloaded.

Re:Most Macs are probably immune. (2)

Ossifer (703813) | more than 2 years ago | (#40605879)

More correctly:

1. Macs ship with a hook that offers to install Java if you ever attempt to use it.

2. OSX does not disable Java itself, but the Safari application disables the use of Java applets. If you run Firefox, this doesn't happen at all.

Re:Most Macs are probably immune. (1)

Yaztromo (655250) | more than 2 years ago | (#40605909)

Eh? How do you figure? Macs run Apple's version of Java...which means, they'd dutifully execute this applet.

With OS X Lion, Apple stopped shipping Java with OS X. And with the latest revision, the ability to run Applets or Java Web Start is disabled by default, and has to be explicitly enabled (and even then will self-disable if you don't use it for some time).

So to amend your statement, Macs run Apple's version of Java -- if you've tried to run something written in Java, responded to the resulting pop-up that you'd like to download and install Java, entered an Admin password (or username and password if you're not running as admin), waited for Java to download and install, then went into the Java Preferences app, turned on the "Enable apple plug-in and Web Start applications" setting, closed the Preference app, and then gone back and reloaded the infected page...at which point they'd dutifully execute this applet.

(Older versions of OS X are, of course, still at risk from this sort of Java applet based attack vector).

Yaz

Re:Most Macs are probably immune. (2)

hobarrera (2008506) | more than 2 years ago | (#40606389)

Most Linux distros don't ships the java applet thingy either.

if (linux) (5, Funny)

Ynot_82 (1023749) | more than 2 years ago | (#40605243)

if(linux) { exec 'su - root' || die 'shit, I had to try something...'; }

Re:if (linux) (1)

Mr Z (6791) | more than 2 years ago | (#40605279)

These days, shouldn't it also try "sudo ./pwn" and/or "sudo -s"?

Re:if (linux) (2)

TheGratefulNet (143330) | more than 2 years ago | (#40605561)

no conditional checks for arduinos?

for shame! feeling so left out...

Malditos gringos! (-1)

Anonymous Coward | more than 2 years ago | (#40605251)

Colombia, dammit, Colombia!

Finally some multi-platform support (4, Funny)

GameboyRMH (1153867) | more than 2 years ago | (#40605265)

Now if only the major business software companies were this considerate...

Re:Finally some multi-platform support (1)

Idbar (1034346) | more than 2 years ago | (#40605617)

Yay! And they actually have Linux support! How amazing is that!?

Java = security nightmare (2, Insightful)

Anonymous Coward | more than 2 years ago | (#40605277)

"java applet".

So in other words, if you VOLUNTEER to run their malware, their malware runs. Wow. Whoda thunk it.

Java = security nightmare. javascript not much less so. Anyone halfway security conscious only runs scripts based on a whitelist of trusted sites.

Re:Java = security nightmare (1)

Gr8Apes (679165) | more than 2 years ago | (#40605349)

"java applet".

So in other words, if you VOLUNTEER to run their malware, their malware runs. Wow. Whoda thunk it.

Java = security nightmare. javascript not much less so. Anyone halfway security conscious only runs scripts based on a whitelist of trusted sites.

Java is not a security nightmare any more than C or assembly is, and generally less so. Stop spreading FUD.

Re:Java = security nightmare (0)

Anonymous Coward | more than 2 years ago | (#40605375)

True, but you can't run C in your browser...

Re:Java = security nightmare (1)

MikeBabcock (65886) | more than 2 years ago | (#40605507)

You can run straight up machine language with a stack overflow. Does that make machine language a security nightmare?

Jeez.

Re:Java = security nightmare (1)

Goaway (82658) | more than 2 years ago | (#40605927)

You can with NaCl on Chrome.

At this point I wouldn't be surprised if it was safer than Java, too.

Re:Java = security nightmare (5, Insightful)

amicusNYCL (1538833) | more than 2 years ago | (#40605543)

You're right, the Java programming language is not a security threat to computers in general. The Java Runtime Environment, and its various browser implementations, however, is definitely a threat. Just like PDF documents are not a threat, but Acrobat Reader is definitely a threat. See here [net-security.org] for proof (spoiler: Java was the #1 infection vector, at 37%; Acrobat #2 at 32%).

Re:Java = security nightmare (0)

Anonymous Coward | more than 2 years ago | (#40605747)

Most Java exploits are exploits with the various prebuilt library functionality that comes with Java, so sure, as a language in itself it isn't more of a security nightmare, if you use none of the offered functionality, otherwise, not so much.

Re:Java = security nightmare (1)

HarrySquatter (1698416) | more than 2 years ago | (#40606011)

It's not FUD. The JRE is one of the most vulnerable and exoitable pieces of software on a machine. If you don't believe me see Secunia for the number of vulnerabilities per version. It averages to nearly 200 per major version which is more than the average of the last 3 major versions of Flash Player.

Web exploit... (1)

Anonymous Coward | more than 2 years ago | (#40605305)

Oh noze... a web exploit for Linux! That asks you if you want to install it from within your web web browser. Yeah, your average Linux user will surely fall for that, even though it's not how we ever install software. Does it even work on Linux? The article had no screenshots of it running there, nor what version of Java (if any) it exploits.

Re:Web exploit... (-1, Troll)

jellomizer (103300) | more than 2 years ago | (#40605449)

You betcha. The average Linux user who thinks he is Ultra Tech Savvy, will be browsing the network think he is invincible, he would click on the link, to just laugh at all those Lame Mac and Windows users getting infected.
 

Re:Web exploit... (1)

jedidiah (1196) | more than 2 years ago | (#40605579)

The smug Linux user has likely taken steps to avoid running any random untrusted nonsense in a web browser.

Linux (1)

Anonymous Coward | more than 2 years ago | (#40605329)

Good luck with getting far on Linux, most people on there are nerds and geeks who know NOT to hand over root passwords just cos some program claims it needs it, and on up-to-date systems there won't be any known privilege escalation exploits.

Re:Linux (1, Insightful)

benjymouse (756774) | more than 2 years ago | (#40605847)

... and on up-to-date systems there won't be any known privilege escalation exploits.

Think again. An attacker following the kernel source tree will be able to figure out when exploitable bugs are being patched. While such bugs/fixes are generally not called out as security fixes at that time, they are nevertheless identifiable given a small investment.

And for many distros it takes weeks (sometimes months) for the fixes to come through to the "consumer". During that time (dubbed "high-risk days" by some researchers) the vulnerability information is in the open but systems have not yet been patched. Precisely because some patches are *not* called out as having security implications it has happened that some of the more stable distros have delayed the patch because they didn't see the urgency.

Someone determined to take down Linux desktop systems has recurring windows of opportunity because of the open nature of the kernel and the distro system.

Re:Linux (0)

Anonymous Coward | more than 2 years ago | (#40606299)

Your post is pure fantasy land. I hope you were humming the "Mission Impossible" theme while you were writing it.

Re:Linux (0)

Anonymous Coward | more than 2 years ago | (#40606331)

Think again. An attacker following the kernel source tree

omeone determined to take down Linux desktop systems has recurring windows of opportunity because of the open nature of the kernel and the distro system.

BWahahahahahahahaha...yeah, if it's so easy then why don't you go do it and show us. We'll be waiting, troll.

Re:Linux (1)

HarrySquatter (1698416) | more than 2 years ago | (#40606167)

You mean like the Linux kernel dev who had a trojan installed on his system and subsequently got kernel.org rooted by getting the trojan on two of the servers? Yeah, geeks never get malware on their systems. *rolls eyes*

Re:Linux (0)

Anonymous Coward | more than 2 years ago | (#40606423)

Never say never. The OP avoided an extreme example by using "most", while you countered with an extreme of "never". OP is correct, if vague, in that the potential for infection is far less given both the nature of the system and the people most likely to embrace/use it. You are attempting to change the scope of his argument by adjusting the language to a level of granularity that the OP did not imply.

Re:Linux (1)

Lorien_the_first_one (1178397) | more than 2 years ago | (#40606591)

Very interesting analysis.

wasn't that nice of them (1)

slashmydots (2189826) | more than 2 years ago | (#40605339)

Well, at least they made it run on Linux. Most software writers just don't bother to put in that kind of effort. Must be one classy virus writing operation over there to not leave any of the major OSes out lol.

Only older Macs. (5, Informative)

used2win32 (531824) | more than 2 years ago | (#40605353)

Quoted: "Surprisingly for such an advanced exploit, it was unable to infect modern Macs unless they were modified to run software known as Rosetta. The software allows Macs using Intel processors to run applications written for Macs using PowerPC processors, which were phased out about five years ago. Rosetta is no longer even supported on Lion, the most recent version of OS X."

Rosetta not supported on Lion and not installed by default in Snow Leopard.

So no current Macs and only older Macs that use Rosetta risk infection. That number has to be pretty low...

I don't any *nix user has much to worry about either...

Improvised Cyber Exploitation Device (0)

Anonymous Coward | more than 2 years ago | (#40605415)

This is really nothing new. I wrote an article called "Improvised Cyber Exploitation Devices" (http://infiltrated.net/index.php?option=com_content&view=article&id=33&Itemid=39 [infiltrated.net] ) that followed similar rules. In fact, anyone using mod_security or mod_rewrite can do the same. Redirect based on operating system/browser/etc. to a loaded page

Signed? (0)

mj1856 (589031) | more than 2 years ago | (#40605431)

If it was signed, go after those who signed it!

Just Checking (1)

carrier lost (222597) | more than 2 years ago | (#40605469)

So, if I haven't ordered any cocaine in the last couple of weeks, I should be okay?

Mac users got shafted (0)

Anonymous Coward | more than 2 years ago | (#40605473)

Actually, Mac users got a message that the malware developers were still working on the port and that no firm release date was yet available.

Who Allows All Java Applets? (1)

Anonymous Coward | more than 2 years ago | (#40605493)

I'm immune to this. I have to explicitly declare the host name that applets will be allowed from. If it's not configured, then the applet tag gets replaced with an HTML comment as it passes through the HTML filter. I'm doing this with an old client side firewall program called atguard, but I'm sure there are many others that do the same. As a result, I only run applets from web sites that I want to run. I see "download plugin" or grey boxes where all the applet ads would be or that are coming from sites that I didn't specifically go to. Why hostname-specific applet blocking isn't built into browsers is beyond me. Maybe it is on some of them...?

Interesting author in source code (5, Informative)

sl4shd0rk (755837) | more than 2 years ago | (#40605497)

If you google getParameter( "ILIKEHUGS" ); from the screen shot in TFA, you can find a java file which looks suspiciously like the one in TFA. I lold at the header comment. I don't think this is a 'new' exploit:
/**
  * Original Author: Thomas Werth
  * Modifications By: Dave Kennedy, Kevin Mitnick
  * This is a universal Applet which determintes Running OS
  * ...

Re:Interesting author in source code (1)

Anonymous Coward | more than 2 years ago | (#40605647)

Why does it need Java to determine the platform? It's right in the browser headers (most of the time anyway).

Re:Interesting author in source code (0)

Anonymous Coward | more than 2 years ago | (#40605989)

Since it depends on java in the first place it would be more effort to push the browser's info to the applet than to just re-detect it there.

Re:Interesting author in source code (0)

Anonymous Coward | more than 2 years ago | (#40606121)

Java runtimes don't lie to the same level. It's trivial to alter a browser's USER-AGENT string.

Re:Interesting author in source code (1)

amicusNYCL (1538833) | more than 2 years ago | (#40605667)

The exploit isn't determining which OS they are running. The dropper determines the OS and then delivers the payload for that OS. The exploit in the payload may be new, or it may be exploiting unpatched JREs.

Re:Interesting author in source code (0)

Anonymous Coward | more than 2 years ago | (#40605677)

But Kevin Mitnick isn't a bad guy anymore. He's just practicing "Adaptive Penetration Testing ..."

WTF (0)

medv4380 (1604309) | more than 2 years ago | (#40605795)

A whole commented class file for what? 1 line of code. Why would I comment something that should look like System.getProperty("os.name"); It's over coding like this that makes OOP worthless.

Re:Interesting author in source code (0)

Anonymous Coward | more than 2 years ago | (#40606405)

https://www.trustedsec.com/july-2010/thomas-werth-java-applet-open-sourced/

for reference

Infected Linux? (1)

mikeossur (2537430) | more than 2 years ago | (#40605641)

Are there any infected Linux or MAC machines or is this just another proof of concept virus?

Re:Infected Linux? (2)

marcosdumay (620877) | more than 2 years ago | (#40605931)

F-Secure wans't eager to tell us the details. It doesn't work anymore on OSX, no word about Linux.

Anyway, it wasn't a proof of concept. It was found on the wild.

Re:Infected Linux? (1)

jsepeta (412566) | more than 2 years ago | (#40606093)

because nobody in the wild tests their proof of concepts. programmers always use a sandbox feature for that.

not.

Re:Infected Linux? (0)

Anonymous Coward | more than 2 years ago | (#40606587)

Uhh not accurate, this is built into the Social-Engineer Toolkit and is open-source... It works on OSX and Linux.

Source (0)

Anonymous Coward | more than 2 years ago | (#40605669)

Only a matter of time before trojans are distributed in source format, then compiled on the target machine.

Re:Source (1)

tylutin (2575251) | more than 2 years ago | (#40605891)

Right, because most Windows machines have a C compiler installed ...

Re:Source (1)

tylutin (2575251) | more than 2 years ago | (#40606069)

woops, of course if the code is JAVA, then ...

Malware for Linux? (5, Funny)

Anonymous Coward | more than 2 years ago | (#40605733)

The year of the Linux desktop has arrived!

Advice anyone??? (-1)

Anonymous Coward | more than 2 years ago | (#40605735)

Okay gents, apologize for being OT but I'd like some advice. Most of the time around midday the office clears out and I can relax some. The co-workers all having a spot of tea and the like. So happens today I felt the urge to break wind since my cubicle mates are all out. Lo and behold I think I overdid it and probably shat myself. As a matter of fact I feel the seat of my pants sticking to my chair.

Now my co-workers are all starting to file back into the office from being away. What should I do? I don't have a spare set of trousers to take to the restroom. But I know I must be reeking by now. How can I sneak out and past my boss, who is now starting to make his way to my desk?

HELP!!!

Re:Advice anyone??? (-1)

Anonymous Coward | more than 2 years ago | (#40605889)

I have a sneeky suspicion this isn't real. Judging by your use of the word "Mates" you are either in Europe or Australia.

In America, the easiest way out is to pretend you just farted now just announce "Woowie! I think I just shit myself!" In a real redneck accent. It will be comical so everyone will just assume you were kidding and have made your way to grab a coffee or something (I don't know your office layout).

Then either go to the restroom and check out the job you made in your pants. If it's not too terrible, clean it out and try to find some air freshener or disinfectant spray and hope that nobody asks any questions.

Lets hope you have a Janitor (custodian) that will be nice enough to help you out.

Good luck.

Re:Advice anyone??? (1)

Jeng (926980) | more than 2 years ago | (#40606457)

It really is not complicated.

Get up, go to the bathroom, go to a stall, take off your underwear, wipe yourself off, put pants back on without your underwear, get out of the stall, throw away your soiled underwear and get back to work.

Anonymous Colombian (0)

Anonymous Coward | more than 2 years ago | (#40605745)

It is Colombian not Columbian...
It is in the title of the F-Prot document: "Multi-platform Backdoor Lurks in Colombian Transport Site".

How did you got that wrong?

Re:Anonymous Colombian (0)

Anonymous Coward | more than 2 years ago | (#40605787)

*F-Secure.

Re:Anonymous Colombian (1)

jjjhs (2009156) | more than 2 years ago | (#40605951)

About 100 or so people pointed that out already.

crap (0)

Anonymous Coward | more than 2 years ago | (#40605905)

They stole my idea! Maybe I should hire apple's legal team.

openjdk (0)

Anonymous Coward | more than 2 years ago | (#40606083)

implying that i would have java installed on my linux pcs

Is it just me or...? (0)

Anonymous Coward | more than 2 years ago | (#40606125)

I keep reading a lot of these security reports (not just here but on wired and stuff as well) and I can't help but laugh and go: "I thought this was *obvious*!?".

In this case I'm more inclined to say: Well, duh, this is why we use stuff like NoScript. To stop suspicious looking sites from doing bad stuff. So... Why is this such big news? O.o

So BSD users are safe? (1)

BLToday (1777712) | more than 2 years ago | (#40606145)

FreeBSD FTW.

very convincing (5, Funny)

Cyko_01 (1092499) | more than 2 years ago | (#40606165)

On linux you need to download the source code from the repository and compile it yourself

Re:very convincing (0)

Anonymous Coward | more than 2 years ago | (#40606475)

The source code is available here: https://svn.secmaniac.com/social_engineering_toolkit/src/webattack/java_applet/ -- Its an open framework.

Bastards (0)

Anonymous Coward | more than 2 years ago | (#40606267)

Where's the love for BeOS?

My Amiga 500 is safe (0)

Anonymous Coward | more than 2 years ago | (#40606291)

Commodore Business Machines FTW!!

This is The Social-Engineer Toolkit (0)

Anonymous Coward | more than 2 years ago | (#40606387)

This is the Social-Engineer Toolkit -- It's open source and available for free for penetration testers.

Load More Comments
Slashdot Login

Need an Account?

Forgot your password?