Windows 7 Forums


Windows 7: Exploit Toolkit Infects One in Ten Users via Outdated Java


18 Oct 2010   #1
JMH

Win 7 Ultimate 64-bit. SP1.
 
 
Exploit Toolkit Infects One in Ten Users via Outdated Java

Quote:

While analyzing a live drive-by download attack, researchers from M86 Security found that one in ten users visiting the compromised pages were being infected because they had an outdated version of Java installed.

The exploit toolkits used in drive-by download attacks target known arbitrary code execution vulnerabilities in older versions of popular applications, like Adobe Flash Player, Adobe Reader, Java or even the browsers themselves.

Successful exploitation results in malware being installed on the visitor's system in a way that is transparent to them.

There are various exploit toolkits on the underground market, some more popular than others and targeting a different number of vulnerabilities.

The exploit pack used in this attack is called Zombie Infection Kit and is neither the most popular, nor the most sophisticated.

The toolkit exploits two Java vulnerabilities, four Adobe Reader ones (via a single PDF document), the Windows XP Help Center (HCP) flaw discovered earlier this year, an old one in IE6 and two in Adobe Flash Player.

According to its control panel, the two Java vulnerabilities accounted for a bit over 60% of all successful infections. This is consistent with numbers seen in other exploit toolkits.
More -
Exploit Toolkit Infects One in Ten Users via Outdated Java - Softpedia


19 Oct 2010   #2

Windows 7 & Windows Vista Ultimate
 
 

Yipes!

Quote:
The toolkit exploits two Java vulnerabilities, four Adobe Reader ones (via a single PDF document), the Windows XP Help Center (HCP) flaw discovered earlier this year, an old one in IE6 and two in Adobe Flash Player.

According to its control panel, the two Java vulnerabilities accounted for a bit over 60% of all successful infections
I am still seeing not only multiple old Java installs but also JSE2 in logs. Obviously, the malware writers are having fun taking advantage of people who don't update.
19 Oct 2010   #3
JMH

Win 7 Ultimate 64-bit. SP1.
 
 
Have you checked the Java?

Quote:

Whilst working on our normal data pull and analysis for the Microsoft Security Intelligence Report (v9 - released last week), I embarked on a mini discovery mission on the exploit data that MMPC detects with our antimalware technology. Although the main focus of antimalware software is on traditional malware families, antimalware technologies can do a good job when it comes to file exploits that require a lot of parsing, such as exploit-laden movies, documents, and ... Java.

What I discovered was that some of our exploit "malware" families were telling a scary story - an unprecedented wave of Java exploitation. In fact, by the beginning of this year, the number of Java exploits (and by that I mean attacks on vulnerable Java code, not attacks using JavaScript) had well surpassed the total number of Adobe-related exploits we monitored. See chart below for details:



The Java spike in Q3 is primarily driven by attacks on three vulnerabilities, which all, by the way, have had patches available for them for some time now. The first two, in particular, have gone from hundreds of thousands per quarter to millions:
More -
Have you checked the Java? - Microsoft Malware Protection Center - Site Home - TechNet Blogs


19 Oct 2010   #4

Windows 7 & Windows Vista Ultimate
 
 

As I posted today, Do You Need Java?

"Shortly after Oracle released their quarterly update which addressed twenty-nine security flaws in Java SE, a frustrated forum poster asked, "How can I determine if I need Java?" Along with removal instructions, my reply included the following reasons why someone may need Oracle Sun Java installed on their computer:
  • Playing on-line games generally requires Java.
  • With OpenOffice, Java is needed for the items listed here.
  • It used to be that Java was needed for websites to be properly displayed. However, that is generally not the case now with Flash having taken over.
  • There may be commercial programs that depend on Java. If Java is needed for a software installed on your computer, there should be a prompt for it.
Whether you keep Java or decide to uninstall it from your computer, it is necessary to look not only for the Java(TM) 6 Update (number) but also for any installation with J2SE, Java(TM) 5, or Java(TM) SE Runtime Environment 6. It is also advisable to remove the leftover files in your downloads folder.

In the event you keep Java installed, there should only be the current version in add/remove programs (as of this posting, Java(TM) 6 Update 22, available at Java SE Runtime Environment 6u22).

Since Java updates tend to leave leftovers, JavaRa is recommended. Fred de Vries provided notice that RaProduct's JavaRa has been silently updated to reflect the publication of Oracle's Java JRE 1.6.0.22. Leftovers up to Oracle Sun Java 1.6.0.21 are now cleaned by JavaRa. Simply download JavaRa and unzip it to your desktop.

  • Double-click on JavaRa.exe to start the program. (Windows Vista and Windows 7 users right-click JavaRa.exe > Select Run as Administrator)
  • Click on Remove Older Versions to remove older versions of Java.

Confirm that the following folders have also been removed:
C:\Program Files\Java
C:\Users\%UserName%\AppData\LocalLow\Sun "
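
The check described in the post above, as an added PowerShell example that is not part of the original thread or the quoted blog: it lists the Java entries named in the post from the registry keys behind Add/Remove Programs, flags anything other than the current release, and reports whether the two leftover folders still exist. The function names are hypothetical, the current release is taken from the post (Java(TM) 6 Update 22), and the default install locations are assumed.

```powershell
# Added example: read-only audit of installed Java entries and leftover folders.
# It lists findings and removes nothing.

# Current release as named in the post; change this when a newer update ships.
$CurrentName = 'Java(TM) 6 Update 22'

# Display-name fragments the post says to look for in Add/Remove Programs.
$JavaNames = @(
    'Java(TM) 6 Update',
    'J2SE',
    'Java(TM) 5',
    'Java(TM) SE Runtime Environment 6'
)

function Test-JavaName([string]$Name) {
    foreach ($fragment in $JavaNames) {
        if ($Name -like "*$fragment*") { return $true }
    }
    return $false
}

function Get-JavaInstalls {
    # Uninstall keys back Add/Remove Programs; Wow6432Node holds 32-bit
    # installs on 64-bit Windows.
    $keys = @(
        'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
        'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*'
    )
    # Match the current name exactly, so "Update 2" is not taken for "Update 22".
    $current = '^' + [regex]::Escape($CurrentName) + '(\D|$)'
    Get-ItemProperty -Path $keys -ErrorAction SilentlyContinue |
        Where-Object { $_.DisplayName -and (Test-JavaName $_.DisplayName) } |
        Select-Object DisplayName, DisplayVersion,
            @{ Name = 'Outdated'; Expression = { $_.DisplayName -notmatch $current } }
}

function Get-JavaLeftovers {
    # The two folders the post says to confirm are gone after removal
    # (assumes the default install location and the current user's profile).
    $paths = @(
        (Join-Path $env:ProgramFiles 'Java'),
        (Join-Path $env:USERPROFILE 'AppData\LocalLow\Sun')
    )
    $paths | Where-Object { Test-Path -LiteralPath $_ }
}

Get-JavaInstalls | Sort-Object DisplayName | Format-Table -AutoSize
Get-JavaLeftovers | ForEach-Object { "Leftover folder still present: $_" }
```

Any row with Outdated set to True is an install the post says should not remain alongside the current version.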