For most of the recorded history of malware, viruses, Trojans and other malicious software have been specialists. Each piece of malware typically targeted one platform, be it Windows, OS X or, now, one of the mobile platforms. But the last few months have seen the rise of cross-platform malware that can infect several different kinds of machines with small variations to its code.
Attackers, like people in other walks of life, tend to specialize. They find something that they're good at, say, writing Windows rootkits or creating OS X Trojans, and they often will stick with that. There's not much reason to branch out if they're having success with something already. For a long time, most malware was written for Windows, because that's where most of the users are. Going after OS X or Linux didn't make a lot of sense.
But that's begun to change lately. One recent example is the Crisis Trojan, which has the ability to infect both Windows and Mac OS X machines. The first version of Crisis that researchers discovered targeted various versions of OS X, and it was a typical data-stealing Trojan, listening in on email and instant messenger communications. The interesting thing about Crisis is not only that there are versions for multiple platforms, but also that the installer for the malware, which masquerades as an Adobe Flash installer, checks to see what operating system it's on and then installs the appropriate version.
The malware also has a function that looks for VMware images stored on the infected machine, and if it finds one, it will mount the image and then copy itself to the virtual machine image.
Researchers found a similar piece of malware back in April. That one was disguised as a Java applet that would install different payloads depending upon what OS the target machine was running. So, attackers have decided that more is better when it comes to platforms. Why restrict your creation to just Windows or OS X when you can have both?
Microsoft researchers looked at a recent attack that involved a piece of malware using similar techniques and found that the attackers have been honing their skills.