Beta

Slashdot: News for Nerds

×

Welcome to the Slashdot Beta site -- learn more here. Use the link in the footer or click here to return to the Classic version of Slashdot.

Thank you!

Before you choose to head back to the Classic look of the site, we'd appreciate it if you share your thoughts on the Beta; your feedback is what drives our ongoing development.

Beta is different and we value you taking the time to try it out. Please take a look at the changes we've made in Beta and  learn more about it. Thanks for reading, and for making the site better!

Web Exploit Found That Customizes Attack For Windows, Mac, and Linux

Soulskill posted about 2 years ago | from the making-everyone-feel-special dept.

Security 204

phaedrus5001 writes with this quote from Ars: "Security researchers have found a live Web exploit that detects if the target is running Windows, Mac OS X, or Linux and drops a different trojan for each platform. The attack was spotted by researchers from antivirus provider F-Secure on a Columbian transport website, presumably after third-party attackers compromised it. The unidentified site then displayed a signed Java applet that checked if the user's computer is running Windows, Mac OS X, or Linux. Based on the outcome, the attack then downloads the appropriate files for each platform."

cancel ×

204 comments

Columbian transport website? (4, Funny)

Kenja (541830) | about 2 years ago | (#40605121)

Is that where the "domestic pharmaceutical procurement facilitators" meet?

Re:Columbian transport website? (2, Informative)

Anonymous Coward | about 2 years ago | (#40606523)

This is an open source tool called SET its used for penetration testers -- Applet code here -- https://svn.secmaniac.com/social_engineering_toolkit/src/webattack/java_applet/

Blah (5, Funny)

mystikkman (1487801) | about 2 years ago | (#40605125)

When are the malware writers going to support BSD?

Re:Blah (1)

leaen (987954) | about 2 years ago | (#40605165)

They do not support HURD

Re:Blah (4, Informative)

AliasMarlowe (1042386) | about 2 years ago | (#40606365)

They don't even support Linux properly. Even if it's actually effective on Linux, you'd have to explicitly agree to run the exploit and then type in your password to install the stupid thing. And that would only work if you're in the sudoers group or logged in as root; otherwise, it's no go. What kind of malware is that???

Interesting note: although example screenshots were given for the malware on Windows and OSX, there were none for Linux. Maybe it does not work at all on Linux, and the code people are foaming over is just a leftover fragment for identifying the client OS.

Re:Blah (0, Offtopic)

sconeu (64226) | about 2 years ago | (#40605237)

Never. Netcraft has confirmed it... BSD is dead.

Re:Blah (3, Interesting)

Gerzel (240421) | about 2 years ago | (#40605995)

No it isn't. The largest BSD distro is Machintosh!

Re:Blah (1)

sconeu (64226) | about 2 years ago | (#40606535)

Whoosh.

Re:Blah (1)

MickyTheIdiot (1032226) | about 2 years ago | (#40605525)

They don't support Plan 9? What BS.

Re:Blah (2)

scialex (1283788) | about 2 years ago | (#40606239)

We'll show them; The year of the Plan-9 desktop is at hand.

Re:Blah (3, Informative)

kiriath (2670145) | about 2 years ago | (#40605583)

Well, OS X is built on BSD so technically they kinda do?

Re:Blah (5, Interesting)

hairyfeet (841228) | about 2 years ago | (#40606119)

The sad part is the BSD guys would write them a thank you note for bothering to remember them.

So can we ALL just accept now there is no "Magical OS" that makes one immune from malware please? All OSes are EXTREMELY complex piles of code, having to support tens of thousands of drivers, scheduling and tasking, hell I doubt even Linus can tell you when you launch program Foo every single interaction that is taking place in the system, there is simply more there than any one person can know.

Now that the retard that made XP run by default as admin has been sent packing on the short bus all three major OSes have limited users, hell Windows even has the browser run as a low rights entity to help lower the risk. Now that all three major OSes have common sense defaults ultimately it all comes down to the USER and whether they will take the time to actually think or will simply allow anything to run. I've seen it a billion times in the shop, a fully patched and AVed machine get infected NOT because of the OS but because it was the USER that refused to listen to the warnings being given him/her and choosing instead to run it anyway.

At the end of the day the only foolproof way to get rid of malware is to take away the user's right to control their own machine, to instead stick them in a walled garden where only approved apps get run. i think we can all agree having some corporation own our machines would be a BAD thing so all we can do is warn users, try to make ever hardened systems, and be ready to clean up the messes when they happen. After Android became a hit it was only a matter of time before Linux got put in the crosshairs and now that day appears to be here and I for one will be interested to see how the community reacts.

lol (0, Informative)

Anonymous Coward | about 2 years ago | (#40605145)

Java !

lol (-1)

Anonymous Coward | about 2 years ago | (#40605941)

Your face !

COLOMBIAN....not "Columbian" (2, Informative)

Anonymous Coward | about 2 years ago | (#40605179)

Please learn how to spell.

Re:COLOMBIAN....not "Columbian" (2, Informative)

Anonymous Coward | about 2 years ago | (#40605321)

Maybe it was a website about the bus lines in Columbia, South Carolina.

Re:COLOMBIAN....not "Columbian" (2)

jsepeta (412566) | about 2 years ago | (#40606059)

or run by the dedicated fanbois of Christopher Columbus?

Re:COLOMBIAN....not "Columbian" (0, Offtopic)

MightyYar (622222) | about 2 years ago | (#40605355)

Since you are pedantic and might actually know why you are correcting someone - why is it that we can anglicize certain country names and not others. Why is it perfectly proper to Make Colon's name into Columbus, but the country named after him retains the "o" when spelled in English, even though place names inside of the US with the same origin are spelled with a "u"? We spell Brasil as Brazil, for instance.

Re:COLOMBIAN....not "Columbian" (2)

saveferrousoxide (2566033) | about 2 years ago | (#40605481)

Because! Damnit. Though I would argue more for spelling proper nouns as the originator would spell them (assuming the phonetics work out -- and the alphabet, but transliteration is a whole different ballgame) since, ya know, it's their name an' all.

Re:COLOMBIAN....not "Columbian" (0)

Anonymous Coward | about 2 years ago | (#40605855)

Yeah, we germans are deutsch and live in Deutschland. Get it right!

Re:COLOMBIAN....not "Columbian" (0)

Anonymous Coward | about 2 years ago | (#40606303)

I just hope Colombian people start calling George Bush as Jorge Arbusto and George Washington as Jorge Güachinton.
If American can change the name of everything why the rest of the world can't?

Re:COLOMBIAN....not "Columbian" (0)

Anonymous Coward | about 2 years ago | (#40605575)

I'd say learn how to READ! The original article seems to have properly spelled the name of the country. I don't know why an editor or poster would have had to change it.

Re:COLOMBIAN....not "Columbian" (3, Informative)

Baloroth (2370816) | about 2 years ago | (#40605619)

Ironically, "Columbia" is the correct spelling in English (taken from "Columbus"). "Colombia" is the Spanish spelling (taken from "Colón"). Since English doesn't have the "ó", we use a "u" instead. Now, being a proper name you can use either (English is very flexible), but the English spelling is "Columbia".

Re:COLOMBIAN....not "Columbian" (0)

Anonymous Coward | about 2 years ago | (#40606109)

Care to show any sources to support this statement when referring to the country in South America?

Re:COLOMBIAN....not "Columbian" (5, Informative)

John Hasler (414242) | about 2 years ago | (#40606139)

Perhaps, but in American "Columbia" refers either to the river or to the district while "Colombia" refers to the nation in South America. "Columbia" is also an archaic term for the USA, as in "Columbia Gem of the Ocean".

Re:COLOMBIAN....not "Columbian" (2)

sosume (680416) | about 2 years ago | (#40606203)

Wrong. Although both are named after Columbus, the US capital is the District of Columbia, whereas the South American country is Colombia. You have me feeding though.

Re:COLOMBIAN....not "Columbian" (2)

Cinder6 (894572) | about 2 years ago | (#40605725)

I initially read this as "Coulombian transport website", which had me confused...

Re:COLOMBIAN....not "Columbian" (1)

mcgrew (92797) | about 2 years ago | (#40606249)

Oh? [wikipedia.org]

Most Macs are probably immune. (0, Informative)

Anonymous Coward | about 2 years ago | (#40605191)

Mac OS X doesn't ship with Java anymore.

Re:Most Macs are probably immune. (1)

Gr8Apes (679165) | about 2 years ago | (#40605327)

That'd be news to the millions getting new macs and using Java.

Re:Most Macs are probably immune. (1)

Jesus_C_of_Nazareth (2629713) | about 2 years ago | (#40605423)

Yeah, all those SAP and Oracle users. Maybe it has wider usage than I'm aware of, but the vast majority of use I see is enterprise. Of course this doesn't mean that it's not a problem. There are plenty of business users who are one step away from using Typex on their screens.

Re:Most Macs are probably immune. (4, Informative)

Yaztromo (655250) | about 2 years ago | (#40605821)

That'd be news to the millions getting new macs and using Java.

The GP is correct. Apple stopped shipping Java with OS X with the release of Lion.

That said, if you try to run something the requires Java, OS X will offer to download and install it for you. However with the latest OS X updates the Java browser plug-in and Java Web Start are now disabled by default, and have to be explicitly enabled by the user in the Java Preferences app. And if they do explicitly enable it, it will auto-disable itself again if it hasn't been used in some time.

That's a lot of extra hoops to jump through to get this to work on a modern, up-to-date Mac. Then again, the people who develop and propagate malware such as this tend to target those who don't keep their systems up-to-date, ensuring it is still a concern for many users (with those at most risk being the ones least knowledgable to do much about it, or even be aware that anything is wrong).

Yaz

Re:Most Macs are probably immune. (1, Informative)

EliSowash (2532508) | about 2 years ago | (#40605505)

Eh? How do you figure? Macs run Apple's version of Java...which means, they'd dutifully execute this applet. If you'd have said 'Mac users have to be running Rosetta in order to be infected' I'd give you your street cred back.

Re:Most Macs are probably immune. (2)

beelsebob (529313) | about 2 years ago | (#40605665)

Macs do indeed run apple's version of java... If you have jumped through the hoops of clicking the "disabled plugin" button that replaces the applet, then typing in your password. Macs absolutely do not have to be running rosetta (a tech that doesn't even exist any more) to get infected, as neither Java, nor the binary delivered is a PPC binary.

Re:Most Macs are probably immune. (1)

Anonymous Coward | about 2 years ago | (#40605793)

Eh? How do you figure? Macs run Apple's version of Java...which means, they'd dutifully execute this applet.

Because, as the OP said, Macs don't ship with Java anymore. It's not installed by default with the current version of Mac OS. Also, even if the user installs it, recent Mac OS security updates will actually disable it if it is not being actively used.

That is probably why the exploit only bothers to target obsolete versions of the OS X with Rosetta (or on PowerPC hardware.) A version for newer versions of OS X would be blocked before it could even get downloaded.

Re:Most Macs are probably immune. (2)

Ossifer (703813) | about 2 years ago | (#40605879)

More correctly:

1. Macs ship with a hook that offers to install Java if you ever attempt to use it.

2. OSX does not disable Java itself, but the Safari application disables the use of Java applets. If you run Firefox, this doesn't happen at all.

Re:Most Macs are probably immune. (1)

Yaztromo (655250) | about 2 years ago | (#40605909)

Eh? How do you figure? Macs run Apple's version of Java...which means, they'd dutifully execute this applet.

With OS X Lion, Apple stopped shipping Java with OS X. And with the latest revision, the ability to run Applets or Java Web Start is disabled by default, and has to be explicitly enabled (and even then will self-disable if you don't use it for some time).

So to amend your statement, Macs run Apple's version of Java -- if you've tried to run something written in Java, responded to the resulting pop-up that you'd like to download and install Java, entered an Admin password (or username and password if you're not running as admin), waited for Java to download and install, then went into the Java Preferences app, turned on the "Enable apple plug-in and Web Start applications" setting, closed the Preference app, and then gone back and reloaded the infected page...at which point they'd dutifully execute this applet.

(Older versions of OS X are, of course, still at risk from this sort of Java applet based attack vector).

Yaz

Re:Most Macs are probably immune. (2)

hobarrera (2008506) | about 2 years ago | (#40606389)

Most Linux distros don't ships the java applet thingy either.

if (linux) (5, Funny)

Ynot_82 (1023749) | about 2 years ago | (#40605243)

if(linux) { exec 'su - root' || die 'shit, I had to try something...'; }

Re:if (linux) (1)

Mr Z (6791) | about 2 years ago | (#40605279)

These days, shouldn't it also try "sudo ./pwn" and/or "sudo -s"?

Re:if (linux) (2)

TheGratefulNet (143330) | about 2 years ago | (#40605561)

no conditional checks for arduinos?

for shame! feeling so left out...

Malditos gringos! (-1)

Anonymous Coward | about 2 years ago | (#40605251)

Colombia, dammit, Colombia!

Finally some multi-platform support (4, Funny)

GameboyRMH (1153867) | about 2 years ago | (#40605265)

Now if only the major business software companies were this considerate...

Re:Finally some multi-platform support (1)

Idbar (1034346) | about 2 years ago | (#40605617)

Yay! And they actually have Linux support! How amazing is that!?

Java = security nightmare (2, Insightful)

Anonymous Coward | about 2 years ago | (#40605277)

"java applet".

So in other words, if you VOLUNTEER to run their malware, their malware runs. Wow. Whoda thunk it.

Java = security nightmare. javascript not much less so. Anyone halfway security conscious only runs scripts based on a whitelist of trusted sites.

Re:Java = security nightmare (1)

Gr8Apes (679165) | about 2 years ago | (#40605349)

"java applet".

So in other words, if you VOLUNTEER to run their malware, their malware runs. Wow. Whoda thunk it.

Java = security nightmare. javascript not much less so. Anyone halfway security conscious only runs scripts based on a whitelist of trusted sites.

Java is not a security nightmare any more than C or assembly is, and generally less so. Stop spreading FUD.

Re:Java = security nightmare (0)

Anonymous Coward | about 2 years ago | (#40605375)

True, but you can't run C in your browser...

Re:Java = security nightmare (1)

MikeBabcock (65886) | about 2 years ago | (#40605507)

You can run straight up machine language with a stack overflow. Does that make machine language a security nightmare?

Jeez.

Re:Java = security nightmare (1)

Goaway (82658) | about 2 years ago | (#40605927)

You can with NaCl on Chrome.

At this point I wouldn't be surprised if it was safer than Java, too.

Re:Java = security nightmare (5, Insightful)

amicusNYCL (1538833) | about 2 years ago | (#40605543)

You're right, the Java programming language is not a security threat to computers in general. The Java Runtime Environment, and its various browser implementations, however, is definitely a threat. Just like PDF documents are not a threat, but Acrobat Reader is definitely a threat. See here [net-security.org] for proof (spoiler: Java was the #1 infection vector, at 37%; Acrobat #2 at 32%).

Re:Java = security nightmare (0)

Anonymous Coward | about 2 years ago | (#40605747)

Most Java exploits are exploits with the various prebuilt library functionality that comes with Java, so sure, as a language in itself it isn't more of a security nightmare, if you use none of the offered functionality, otherwise, not so much.

Re:Java = security nightmare (1)

HarrySquatter (1698416) | about 2 years ago | (#40606011)

It's not FUD. The JRE is one of the most vulnerable and exoitable pieces of software on a machine. If you don't believe me see Secunia for the number of vulnerabilities per version. It averages to nearly 200 per major version which is more than the average of the last 3 major versions of Flash Player.

Web exploit... (1)

Anonymous Coward | about 2 years ago | (#40605305)

Oh noze... a web exploit for Linux! That asks you if you want to install it from within your web web browser. Yeah, your average Linux user will surely fall for that, even though it's not how we ever install software. Does it even work on Linux? The article had no screenshots of it running there, nor what version of Java (if any) it exploits.

Re:Web exploit... (-1, Troll)

jellomizer (103300) | about 2 years ago | (#40605449)

You betcha. The average Linux user who thinks he is Ultra Tech Savvy, will be browsing the network think he is invincible, he would click on the link, to just laugh at all those Lame Mac and Windows users getting infected.
 

Re:Web exploit... (1)

jedidiah (1196) | about 2 years ago | (#40605579)

The smug Linux user has likely taken steps to avoid running any random untrusted nonsense in a web browser.

Linux (1)

Anonymous Coward | about 2 years ago | (#40605329)

Good luck with getting far on Linux, most people on there are nerds and geeks who know NOT to hand over root passwords just cos some program claims it needs it, and on up-to-date systems there won't be any known privilege escalation exploits.

Re:Linux (1, Insightful)

benjymouse (756774) | about 2 years ago | (#40605847)

... and on up-to-date systems there won't be any known privilege escalation exploits.

Think again. An attacker following the kernel source tree will be able to figure out when exploitable bugs are being patched. While such bugs/fixes are generally not called out as security fixes at that time, they are nevertheless identifiable given a small investment.

And for many distros it takes weeks (sometimes months) for the fixes to come through to the "consumer". During that time (dubbed "high-risk days" by some researchers) the vulnerability information is in the open but systems have not yet been patched. Precisely because some patches are *not* called out as having security implications it has happened that some of the more stable distros have delayed the patch because they didn't see the urgency.

Someone determined to take down Linux desktop systems has recurring windows of opportunity because of the open nature of the kernel and the distro system.

Re:Linux (0)

Anonymous Coward | about 2 years ago | (#40606299)

Your post is pure fantasy land. I hope you were humming the "Mission Impossible" theme while you were writing it.

Re:Linux (0)

Anonymous Coward | about 2 years ago | (#40606331)

Think again. An attacker following the kernel source tree

omeone determined to take down Linux desktop systems has recurring windows of opportunity because of the open nature of the kernel and the distro system.

BWahahahahahahahaha...yeah, if it's so easy then why don't you go do it and show us. We'll be waiting, troll.

Re:Linux (1)

HarrySquatter (1698416) | about 2 years ago | (#40606167)

You mean like the Linux kernel dev who had a trojan installed on his system and subsequently got kernel.org rooted by getting the trojan on two of the servers? Yeah, geeks never get malware on their systems. *rolls eyes*

Re:Linux (0)

Anonymous Coward | about 2 years ago | (#40606423)

Never say never. The OP avoided an extreme example by using "most", while you countered with an extreme of "never". OP is correct, if vague, in that the potential for infection is far less given both the nature of the system and the people most likely to embrace/use it. You are attempting to change the scope of his argument by adjusting the language to a level of granularity that the OP did not imply.

Re:Linux (1)

Lorien_the_first_one (1178397) | about 2 years ago | (#40606591)

Very interesting analysis.

wasn't that nice of them (1)

slashmydots (2189826) | about 2 years ago | (#40605339)

Well, at least they made it run on Linux. Most software writers just don't bother to put in that kind of effort. Must be one classy virus writing operation over there to not leave any of the major OSes out lol.

Only older Macs. (5, Informative)

used2win32 (531824) | about 2 years ago | (#40605353)

Quoted: "Surprisingly for such an advanced exploit, it was unable to infect modern Macs unless they were modified to run software known as Rosetta. The software allows Macs using Intel processors to run applications written for Macs using PowerPC processors, which were phased out about five years ago. Rosetta is no longer even supported on Lion, the most recent version of OS X."

Rosetta not supported on Lion and not installed by default in Snow Leopard.

So no current Macs and only older Macs that use Rosetta risk infection. That number has to be pretty low...

I don't any *nix user has much to worry about either...

Improvised Cyber Exploitation Device (0)

Anonymous Coward | about 2 years ago | (#40605415)

This is really nothing new. I wrote an article called "Improvised Cyber Exploitation Devices" (http://infiltrated.net/index.php?option=com_content&view=article&id=33&Itemid=39 [infiltrated.net] ) that followed similar rules. In fact, anyone using mod_security or mod_rewrite can do the same. Redirect based on operating system/browser/etc. to a loaded page

Signed? (0)

mj1856 (589031) | about 2 years ago | (#40605431)

If it was signed, go after those who signed it!

Just Checking (1)

carrier lost (222597) | about 2 years ago | (#40605469)

So, if I haven't ordered any cocaine in the last couple of weeks, I should be okay?

Mac users got shafted (0)

Anonymous Coward | about 2 years ago | (#40605473)

Actually, Mac users got a message that the malware developers were still working on the port and that no firm release date was yet available.

Who Allows All Java Applets? (1)

Anonymous Coward | about 2 years ago | (#40605493)

I'm immune to this. I have to explicitly declare the host name that applets will be allowed from. If it's not configured, then the applet tag gets replaced with an HTML comment as it passes through the HTML filter. I'm doing this with an old client side firewall program called atguard, but I'm sure there are many others that do the same. As a result, I only run applets from web sites that I want to run. I see "download plugin" or grey boxes where all the applet ads would be or that are coming from sites that I didn't specifically go to. Why hostname-specific applet blocking isn't built into browsers is beyond me. Maybe it is on some of them...?

Interesting author in source code (5, Informative)

sl4shd0rk (755837) | about 2 years ago | (#40605497)

If you google getParameter( "ILIKEHUGS" ); from the screen shot in TFA, you can find a java file which looks suspiciously like the one in TFA. I lold at the header comment. I don't think this is a 'new' exploit:
/**
  * Original Author: Thomas Werth
  * Modifications By: Dave Kennedy, Kevin Mitnick
  * This is a universal Applet which determintes Running OS
  * ...

Re:Interesting author in source code (1)

Anonymous Coward | about 2 years ago | (#40605647)

Why does it need Java to determine the platform? It's right in the browser headers (most of the time anyway).

Re:Interesting author in source code (0)

Anonymous Coward | about 2 years ago | (#40605989)

Since it depends on java in the first place it would be more effort to push the browser's info to the applet than to just re-detect it there.

Re:Interesting author in source code (0)

Anonymous Coward | about 2 years ago | (#40606121)

Java runtimes don't lie to the same level. It's trivial to alter a browser's USER-AGENT string.

Re:Interesting author in source code (1)

amicusNYCL (1538833) | about 2 years ago | (#40605667)

The exploit isn't determining which OS they are running. The dropper determines the OS and then delivers the payload for that OS. The exploit in the payload may be new, or it may be exploiting unpatched JREs.

Re:Interesting author in source code (0)

Anonymous Coward | about 2 years ago | (#40605677)

But Kevin Mitnick isn't a bad guy anymore. He's just practicing "Adaptive Penetration Testing ..."

WTF (0)

medv4380 (1604309) | about 2 years ago | (#40605795)

A whole commented class file for what? 1 line of code. Why would I comment something that should look like System.getProperty("os.name"); It's over coding like this that makes OOP worthless.

Re:Interesting author in source code (0)

Anonymous Coward | about 2 years ago | (#40606405)

https://www.trustedsec.com/july-2010/thomas-werth-java-applet-open-sourced/

for reference

Infected Linux? (1)

mikeossur (2537430) | about 2 years ago | (#40605641)

Are there any infected Linux or MAC machines or is this just another proof of concept virus?

Re:Infected Linux? (2)

marcosdumay (620877) | about 2 years ago | (#40605931)

F-Secure wans't eager to tell us the details. It doesn't work anymore on OSX, no word about Linux.

Anyway, it wasn't a proof of concept. It was found on the wild.

Re:Infected Linux? (1)

jsepeta (412566) | about 2 years ago | (#40606093)

because nobody in the wild tests their proof of concepts. programmers always use a sandbox feature for that.

not.

Re:Infected Linux? (0)

Anonymous Coward | about 2 years ago | (#40606587)

Uhh not accurate, this is built into the Social-Engineer Toolkit and is open-source... It works on OSX and Linux.

Source (0)

Anonymous Coward | about 2 years ago | (#40605669)

Only a matter of time before trojans are distributed in source format, then compiled on the target machine.

Re:Source (1)

tylutin (2575251) | about 2 years ago | (#40605891)

Right, because most Windows machines have a C compiler installed ...

Re:Source (1)

tylutin (2575251) | about 2 years ago | (#40606069)

woops, of course if the code is JAVA, then ...

Malware for Linux? (5, Funny)

Anonymous Coward | about 2 years ago | (#40605733)

The year of the Linux desktop has arrived!

Advice anyone??? (-1)

Anonymous Coward | about 2 years ago | (#40605735)

Okay gents, apologize for being OT but I'd like some advice. Most of the time around midday the office clears out and I can relax some. The co-workers all having a spot of tea and the like. So happens today I felt the urge to break wind since my cubicle mates are all out. Lo and behold I think I overdid it and probably shat myself. As a matter of fact I feel the seat of my pants sticking to my chair.

Now my co-workers are all starting to file back into the office from being away. What should I do? I don't have a spare set of trousers to take to the restroom. But I know I must be reeking by now. How can I sneak out and past my boss, who is now starting to make his way to my desk?

HELP!!!

Re:Advice anyone??? (-1)

Anonymous Coward | about 2 years ago | (#40605889)

I have a sneeky suspicion this isn't real. Judging by your use of the word "Mates" you are either in Europe or Australia.

In America, the easiest way out is to pretend you just farted now just announce "Woowie! I think I just shit myself!" In a real redneck accent. It will be comical so everyone will just assume you were kidding and have made your way to grab a coffee or something (I don't know your office layout).

Then either go to the restroom and check out the job you made in your pants. If it's not too terrible, clean it out and try to find some air freshener or disinfectant spray and hope that nobody asks any questions.

Lets hope you have a Janitor (custodian) that will be nice enough to help you out.

Good luck.

Re:Advice anyone??? (1)

Jeng (926980) | about 2 years ago | (#40606457)

It really is not complicated.

Get up, go to the bathroom, go to a stall, take off your underwear, wipe yourself off, put pants back on without your underwear, get out of the stall, throw away your soiled underwear and get back to work.

Anonymous Colombian (0)

Anonymous Coward | about 2 years ago | (#40605745)

It is Colombian not Columbian...
It is in the title of the F-Prot document: "Multi-platform Backdoor Lurks in Colombian Transport Site".

How did you got that wrong?

Re:Anonymous Colombian (0)

Anonymous Coward | about 2 years ago | (#40605787)

*F-Secure.

Re:Anonymous Colombian (1)

jjjhs (2009156) | about 2 years ago | (#40605951)

About 100 or so people pointed that out already.

crap (0)

Anonymous Coward | about 2 years ago | (#40605905)

They stole my idea! Maybe I should hire apple's legal team.

openjdk (0)

Anonymous Coward | about 2 years ago | (#40606083)

implying that i would have java installed on my linux pcs

Is it just me or...? (0)

Anonymous Coward | about 2 years ago | (#40606125)

I keep reading a lot of these security reports (not just here but on wired and stuff as well) and I can't help but laugh and go: "I thought this was *obvious*!?".

In this case I'm more inclined to say: Well, duh, this is why we use stuff like NoScript. To stop suspicious looking sites from doing bad stuff. So... Why is this such big news? O.o

So BSD users are safe? (1)

BLToday (1777712) | about 2 years ago | (#40606145)

FreeBSD FTW.

very convincing (5, Funny)

Cyko_01 (1092499) | about 2 years ago | (#40606165)

On linux you need to download the source code from the repository and compile it yourself

Re:very convincing (0)

Anonymous Coward | about 2 years ago | (#40606475)

The source code is available here: https://svn.secmaniac.com/social_engineering_toolkit/src/webattack/java_applet/ -- Its an open framework.

Bastards (0)

Anonymous Coward | about 2 years ago | (#40606267)

Where's the love for BeOS?

My Amiga 500 is safe (0)

Anonymous Coward | about 2 years ago | (#40606291)

Commodore Business Machines FTW!!

This is The Social-Engineer Toolkit (0)

Anonymous Coward | about 2 years ago | (#40606387)

This is the Social-Engineer Toolkit -- It's open source and available for free for penetration testers.

Load More Comments
Slashdot Account

Need an Account?

Forgot your password?

Don't worry, we never post anything without your permission.

Submission Text Formatting Tips

We support a small subset of HTML, namely these tags:

  • b
  • i
  • p
  • br
  • a
  • ol
  • ul
  • li
  • dl
  • dt
  • dd
  • em
  • strong
  • tt
  • blockquote
  • div
  • quote
  • ecode

"ecode" can be used for code snippets, for example:

<ecode>    while(1) { do_something(); } </ecode>
Create a Slashdot Account

Loading...