It is common knowledge that, more often than not, the same web exploit does not work on machines running different operating systems. This is precisely why exploit authors tend to write multiple versions, one for each OS they want to target. Now, a live web exploit has been found which can intelligently determine the OS of its victim before delivering its payload.
The web exploit is able to detect whether the victim’s system is running Windows, Linux or Mac OS X. Once it has determined the target OS, it delivers a different trojan that is specific to that OS.
The web exploit was first discovered on a Colombian transport website. The website had already been compromised and contained a Java applet which was able to determine the exact OS of its target machines. Once it had the answer, it would download the relevant files to the victim’s system.
According to the researchers who discovered it, “All three files for the three different platforms behave the same way. They all connect to 220.127.116.11 to get additional code to execute. The ports are 8080, 8081, and 8082 for OS X, Linux, and Windows respectively.”
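The callback pattern in the quote above lends itself to a simple check over network flow records. The following is an added example, not code from F-Secure or from the original article; the four-field record format, the function names and the sample records are constructed assumptions, while the address and ports are the ones quoted above.

```python
# Added example: flag internal hosts whose flow records show callbacks
# to the address quoted in the article, and name the payload by port.
C2_ADDRESS = "220.127.116.11"  # address as quoted in the article
PORT_TO_PAYLOAD = {8080: "OS X", 8081: "Linux", 8082: "Windows"}  # as quoted

# Constructed sample records (hypothetical format):
# timestamp src_ip dst_ip dst_port
SAMPLE_FLOWS = """\
2024-01-01T09:14:02Z 10.0.0.12 220.127.116.11 8081
2024-01-01T09:14:05Z 10.0.0.12 198.51.100.7 443
2024-01-01T09:16:11Z 10.0.0.27 220.127.116.11 8080
2024-01-01T09:15:40Z 10.0.0.27 220.127.116.11 8080
2024-01-01T09:17:30Z 10.0.0.31 220.127.116.11 443
malformed record
2024-01-01T09:18:00Z 10.0.0.44 220.127.116.11 8082
"""

def find_callbacks(log_text):
    """Return {src_ip: {"first_seen", "count", "variants"}} for callback hits."""
    hits = {}
    for line in log_text.splitlines():
        fields = line.split()
        if len(fields) != 4 or not fields[3].isdigit():
            continue  # skip malformed records instead of failing the whole run
        ts, src, dst, port = fields
        if dst != C2_ADDRESS:
            continue
        # Any contact with the address is reported; a port outside the quoted
        # three is labelled rather than silently dropped.
        variant = PORT_TO_PAYLOAD.get(int(port), "unmapped port")
        entry = hits.setdefault(src, {"first_seen": ts, "count": 0, "variants": set()})
        entry["count"] += 1
        # Same-format ISO 8601 timestamps sort correctly as strings.
        entry["first_seen"] = min(entry["first_seen"], ts)
        entry["variants"].add(variant)
    return hits

def report(hits):
    """Format one summary line per affected source host."""
    return [
        f"{src} first_seen={e['first_seen']} connections={e['count']} "
        f"payload={','.join(sorted(e['variants']))}"
        for src, e in sorted(hits.items())
    ]

if __name__ == "__main__":
    for line in report(find_callbacks(SAMPLE_FLOWS)):
        print(line)
```

A host that reports a payload label different from the OS it actually runs is worth a closer look, since the port is chosen by the dropped file rather than by the machine.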
Mac machines are becoming more and more popular, thanks to the immense popularity that Apple has earned courtesy of its other products such as the iPhone and iPad. And since the Mac platform is now used by millions of users, it has attracted the attention of many new malware attacks which aim at infecting Mac machines.
However, normally, a specific and specialized attack is launched for a given platform. For instance, if a malware author intends to infect Mac machines, he would most probably release a specific malware for the Mac platform. Generalized malware, meant for all platforms, is very rare. And that is why this recent web exploit is a rare discovery.
Source: F-Secure Blog