(F-Secure image of malware backdoor Java App)
Last week, Security researchers at F-Secure have analyzed a new malware that targets Macs, Linux and Windows machines. (Thanks Dangertux!) The code, found on a Colombian Transport website, determines what operating system the visitor is using and then delivers a tailored backdoored Java applet. If the user allows the applet to run, the attackers get remote access to their machine.
Well it should, the code was taken from one of our favorite security tools, the Social Engineering Toolkit! Dave Kennedy (Rel1k) responded to an Arstechnica article about the new malware, stating that the code was indeed from SET:
“Just a heads up, this is my open-source tool called the social-engineer toolkit.. Java applet attack source code is open to everyone. Looks like the payloads were custom though. This is used by millions of security researchers.“
This is a problem with open source software and several software tools in fact. Though the creator meant the tool for good, unfortunately there are those out there that will try to use them for evil.
Recently a program created by a young French coder Jean-Pierre Lesueur, was used by the Syrian government to spy on its own people! Once Lesueur found out that it was used in this way, he created a removal tool for it and finally gave up developing it all together. Well known security guru Kevin Mitnick who used the tool in security demonstrations commented on Lesueur’s choice saying:
“I don’t think that’s a good reason to stop development on it, because you always have bad actors,” he says. “That’s just a fact of life.”
Open source security tools are a huge benefit to the IT community. Especially to smaller companies that cannot afford high priced security solutions. They should not get a bad rap because of a few miscreants that twist them to do evil.