UPDATED 09:05 EDT / JANUARY 29 2014

New Java-based malware can infect Windows, Mac OS X and Linux systems

Botnets have been all over the news in recent weeks, as have Java-related security issues. So it’s not surprising really that someone’s been busy building a botnet by exploiting one of the numerous vulnerabilities that keep cropping up in Java.

In case you’re wondering, a botnet is a network of compromised computers that have been infected with malware, and it is used for all kinds of cybercriminal scams, ranging from Bitcoin mining to click fraud and good old spam email. Readers will probably be more familiar with malware, or malicious software, the vast majority of which targets computers running Windows. That doesn’t mean other operating systems are immune, however. In fact, with the rise in popularity of systems running Linux and Mac OS X, as well as smartphones and tablets running Android, malware is rapidly becoming a threat to all operating systems.

Most malware is specific to one kind of operating system, but Kaspersky Lab has recently detected what it’s calling a “cross-platform Java-Bot” that’s capable of infecting devices running Windows, Mac OS X or Linux, so long as they have a Java Runtime Environment installed. Because the bot is written in Java, the same file runs on all three platforms; it is the runtime, not the operating system, that matters.

This Java-Bot was first discovered by Zoltan Balazs, CTO of MRG Effitas, who submitted samples of a malicious Java application to the researchers at Kaspersky last year. The malware was later identified as HEUR:Backdoor.Java.Agent.a.

Writing in Kaspersky’s blog, lab expert Anton Ivanov revealed that the bot is able to compromise computers running all three major operating systems by exploiting a known vulnerability in Java, CVE-2013-2465. Oracle patched this vulnerability in Java 7 Update 25 in June 2013, but Ivanov notes that it still exists in Java 7 Update 21 and earlier versions, so any machine whose runtime has not been updated since then remains exposed.
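A quick way to tell whether a host is still on an affected runtime is to parse the banner that `java -version` prints (it goes to stderr, not stdout) and compare it against the Java 7 Update 21 threshold the article gives. The Python below is an added example, not code from the article or from Kaspersky; the sample banner strings are constructed, and the cut-off follows the article’s “7u21 and earlier” wording rather than modelling the separate patch lines Oracle shipped for Java 5 and 6.

```python
import re
import subprocess

# Threshold taken from the article: Java 7 Update 21 and earlier are affected
# by CVE-2013-2465. Java 6 and 5 builds compare as "earlier" here; their own
# patch lines are not modelled (an assumption made for this example).
LAST_VULNERABLE = (7, 21)

# Legacy banner form used by Java 5-8:   java version "1.7.0_21"
_LEGACY = re.compile(r'version "1\.(\d+)\.\d+(?:_(\d+))?')
# Modern banner form used by Java 9+:    openjdk version "11.0.2" 2019-01-15
_MODERN = re.compile(r'version "(\d+)(?:\.\d+)*"')


def parse_java_version(banner):
    """Return (major, update) from a `java -version` banner, or None if unrecognised."""
    m = _LEGACY.search(banner)
    if m:
        return int(m.group(1)), int(m.group(2) or 0)
    m = _MODERN.search(banner)
    if m:
        return int(m.group(1)), 0
    return None


def is_vulnerable(banner):
    """True if the runtime is at or below Java 7u21, False if newer, None if unparseable."""
    version = parse_java_version(banner)
    if version is None:
        return None
    return version <= LAST_VULNERABLE


def installed_java_banner():
    """Run the local `java -version`; capture both streams because the banner is on stderr."""
    try:
        proc = subprocess.run(["java", "-version"], capture_output=True, text=True, timeout=15)
    except (FileNotFoundError, subprocess.TimeoutExpired):
        return ""
    return proc.stderr + proc.stdout


# Constructed sample banners (not captured from real hosts) so the check runs offline.
SAMPLE_BANNERS = {
    "7u21": 'java version "1.7.0_21"\nJava(TM) SE Runtime Environment (build 1.7.0_21-b11)\n',
    "7u25": 'java version "1.7.0_25"\nJava(TM) SE Runtime Environment (build 1.7.0_25-b15)\n',
    "6u45": 'java version "1.6.0_45"\nJava(TM) SE Runtime Environment (build 1.6.0_45-b06)\n',
    "11": 'openjdk version "11.0.2" 2019-01-15\nOpenJDK Runtime Environment 18.9 (build 11.0.2+9)\n',
}

if __name__ == "__main__":
    for label, banner in SAMPLE_BANNERS.items():
        print(f"{label:>5}: vulnerable={is_vulnerable(banner)}")
    live = installed_java_banner()
    print("local: no java found" if not live else f"local: vulnerable={is_vulnerable(live)}")
```

Remember that `java` on the PATH may not be the only runtime on the box; browser plug-ins and bundled JREs under application directories need the same check against their own `bin/java`.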

Whoever built this malware designed it to create a botnet capable of launching Distributed Denial-of-Service (DDoS) attacks against servers and websites. They also ran the code through the Zelix KlassMaster obfuscator to make analysis more difficult, which is why it took Kaspersky’s researchers so long to untangle it.

Once the malware is launched, it copies itself into the user’s home directory and sets itself to run every time the system boots. It then connects to the botmasters’ IRC server and identifies itself with a unique identifier that it generates for the infected machine.
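One host-side hunt that follows directly from this behaviour is to sweep each platform’s autostart locations for entries that launch the Java runtime on a JAR kept under a user’s home directory, since legitimate Java services normally live under system or application directories. The Python below is an added example, not code from the article or from Kaspersky’s analysis; the article does not say which autorun mechanism the bot uses on each platform, so the registry keys, LaunchAgent plist, `.desktop` file and command lines in the sample are constructed for illustration, and the heuristic is deliberately narrow.

```python
import re

# Launcher names java / javaw, optionally with .exe, either as a bare word or
# at the end of a path, followed by whitespace, a quote or end of string.
_JAVA_LAUNCHER = re.compile(r'(?i)(?:^|[\\/"\s])javaw?(?:\.exe)?(?=["\s]|$)')
# JAR paths on the command line, quoted (may contain spaces) or unquoted.
_JAR_PATH = re.compile(r'(?i)"([^"]+?\.jar)"|(\S+?\.jar)(?=\s|$)')
# Per-user home directory prefixes on the three platforms (assumed standard layouts).
_HOME_DIR = re.compile(r'(?i)(?:^[a-z]:\\users\\|^/users/|^/home/|%userprofile%)')


def jar_paths(command):
    """Extract every .jar path mentioned in an autostart command line."""
    return [quoted or bare for quoted, bare in _JAR_PATH.findall(command)]


def find_java_autostart_in_home(entries):
    """Return (platform, location, jar) for autostart entries that run java on a JAR under a home directory."""
    hits = []
    for platform, location, command in entries:
        if not _JAVA_LAUNCHER.search(command):
            continue
        home_jars = [p for p in jar_paths(command) if _HOME_DIR.search(p)]
        if home_jars:
            hits.append((platform, location, home_jars[0]))
    return hits


# Constructed sample of autostart entries as an inventory script might report
# them: (platform, where the entry lives, command it runs). Not real data.
SAMPLE_AUTOSTART = [
    ("windows", r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run\OneDrive",
     r'"C:\Users\alice\AppData\Local\Microsoft\OneDrive\OneDrive.exe" /background'),
    ("windows", r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run\jupdate",
     r'"C:\Program Files\Java\jre7\bin\javaw.exe" -jar "C:\Users\alice\jupdate.jar"'),
    ("macos", "/Users/alice/Library/LaunchAgents/com.example.update.plist",
     "/usr/bin/java -jar /Users/alice/.update/update.jar"),
    ("linux", "/home/alice/.config/autostart/java-helper.desktop",
     "java -jar /home/alice/.cache/helper.jar"),
    ("linux", "/etc/init.d/cups", "/usr/sbin/cupsd"),
    ("linux", "/etc/systemd/system/app.service", "/usr/bin/java -jar /opt/app/app.jar"),
]

if __name__ == "__main__":
    for platform, location, jar in find_java_autostart_in_home(SAMPLE_AUTOSTART):
        print(f"[{platform}] {location}\n    runs JAR from home directory: {jar}")
```

Entries this flags are leads, not verdicts: pull the JAR, hash it, and check it against your AV and threat-intelligence feeds; a bot like this one also gives itself away on the network by an outbound IRC connection from a desktop that has no business talking IRC.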

The malware’s main purpose is to make infected machines flood specified IP addresses with requests when ordered to do so via a predefined IRC channel. The botmasters simply have to specify the address of the computer to be attacked, the port number, the duration of the attack, and the number of threads each bot should use.

At the time of analysis, the botnet formed by this particular Trojan was targeting a bulk email service.

