Windows 7 Forums


Windows 7: Web malware exploitation kits updated with new Java exploit


20 Dec 2011   #1

Windows 7 Ultimate SP1 (64 bit), Windows XP SP3, Linux Mint 17 MATE (64 bit)
 
 
Web malware exploitation kits updated with new Java exploit

Quote:
Cybercriminals are quick to capitalize on the announcement of a newly discovered vulnerability — CVE-2011-3544 — in Java.
ZDNet
Web malware exploitation kits updated with new Java exploit | ZDNet

Yet another Java exploit.



20 Dec 2011   #2

Windows 7 Ultimate x64
 
 

That does it - uninstalling Java. I only ever saw it used for the F1 live timing, and that's off until March, anyway.
20 Dec 2011   #3

Windows 7 Ultimate SP1 (64 bit), Windows XP SP3, Linux Mint 17 MATE (64 bit)
 
 

I don't have it installed on my actual PC.

I need it for my networking course (Cisco Packet Tracer) so I've created a VM and installed Java in that.


22 Dec 2011   #4

Windows 7 x64 / Same
 
 

I can understand the frustration. And I hate to be too simplistic, but a lot of falling prey to malware can be avoided by only visiting trusted sites. Of course, I understand "trusted" is a relative term and some crappy sites might be "trusted" by some. But still. Keep things simple.
22 Dec 2011   #5

Windows 7 Ultimate SP1 (64 bit), Windows XP SP3, Linux Mint 17 MATE (64 bit)
 
 
I'm afraid that "Trusted Sites" are a myth

"Trusted Sites" can be compromised.

Linux repository
Linux repository hit by malware attack | TechRepublic

Google
Google busts itself for distributing malware | ZDNet

Your only real defence is regular patching/updating and frequent external backups.
Trojans, viruses, worms: How does malware get on PCs and Macs? | ZDNet

The only "Trusted Site" that is a possible exception, is a site that you:
  • Coded/created.
  • Are intimately familiar with every object in it.
  • Regularly check for unauthorised modifications.
22 Dec 2011   #6

W7x64 Pro, SuSe 12.1/** W7 x64 Pro, XP MCE
 
 

If a person uninstalled everything that an exploitation was found in, it wouldn't take long before that person wouldn't have anything on their machine, including an OS. I would look for another solution.
22 Dec 2011   #7

Windows 7 x64 / Same
 
 

Quote: Originally Posted by lehnerus2000
True, not EVERY site can be protected ALL the time. But c'mon. How often/likely is that?

Quote:
Your only real defence is regular patching/updating and frequent external backups.
Trojans, viruses, worms: How does malware get on PCs and Macs? | ZDNet
Not totally true. Having good AV and firewall software helps defend against attack.

Quote:
The only "Trusted Site" that is a possible exception, is a site that you:
  • Coded/created.
  • Are intimately familiar with every object in it.
  • Regularly check for unauthorised modifications.
Umm...didn't you explain in your first point that any trusted site can be exploited? It doesn't matter if you coded it or not. Even your code is never bulletproof.
22 Dec 2011   #8

Windows 7 Ultimate SP1 (64 bit), Windows XP SP3, Linux Mint 17 MATE (64 bit)
 
 
I did say "... possible exception ..."

Quote: Originally Posted by Win7User512
Quote: Originally Posted by lehnerus2000
True, not EVERY site can be protected ALL the time. But c'mon. How often/likely is that?
Not much comfort if you happen to be the poor sap, who goes to a site during the few hours that it is compromised.

Did I say hours?
IIRC, the Linux repository was compromised for "at least 17 days".

Google codeplex had malware on it for over a month!
Malware hosted on Google Code project site | ZDNet
More nasties found on Google Code repository | ZDNet

SourceForge also had dodgy links.
SourceForge is still harboring pornography and malware | ExtremeTech

If you can compromise Google for a few hours, you can potentially ensnare thousands (if not millions) of users.
This is the problem with the "Cloud", it is a "single point of failure".
Every criminal knows "where it is" and they will be attacking it.

They only have to get lucky once, whereas the provider has to be 100% successful at stopping thousands (if not millions) of attacks per day.

Quote: Originally Posted by Win7User512
Quote: Originally Posted by lehnerus2000
Your only real defence is regular patching/updating and frequent external backups.
Trojans, viruses, worms: How does malware get on PCs and Macs? | ZDNet
Not totally true. Having good AV and firewall software helps defend against attack.
D'oh!

A firewall is important in Windows (and on a server).
The Ubuntu firewall (iptables) doesn't have any rules in it by default (i.e. all actions/connections are allowed).
The CentOS (server) firewall (iptables) has rules blocking most external actions/connections by default.

AV software is reactive and limited by the speed of signature updates.
Apparently some malware has the ability to "mutate" itself, so that signature scanners are less likely to detect it!

I should have included this link.
If your PC picks up a virus, whose fault is it?

If you read the article that is linked from that link, patching and a running firewall kept most of the PCs malware free, without an AV program (or other human intervention).

Quote: Originally Posted by Win7User512
Quote: Originally Posted by lehnerus2000
The only "Trusted Site" that is a possible exception, is a site that you:
  • Coded/created.
  • Are intimately familiar with every object in it.
  • Regularly check for unauthorised modifications.
Umm...didn't you explain in your first point that any trusted site can be exploited? It doesn't matter if you coded it or not. Even your code is never bulletproof.
I did say "... possible exception ...".

It depends on how much code you have and how often it is monitored (assuming you host it on a machine that you control).
A "Hello World" web page would only be a few lines of html, so it should be no problem to check it for alterations (every few minutes if necessary).
Of course it wouldn't be a very useful web page.

If the page is hosted on someone else's machine or it has thousands of lines of code (e.g. databases, js, Flash, embedded media players, etc.) the chances of the page getting hijacked increase dramatically.
27 Dec 2011   #9

xxxxxxxxxxxxxxxxxxxxxxx
 
 

I like to keep Java and Adobe Flash disabled on my Firefox for this very reason. Too many security issues. I don't really need Java or Adobe Flash. YouTube has added HTML5 to the experimental lab - so I have that enabled instead of using Flash.
15 Feb 2012   #10

Windows 7 Ultimate SP1 (64 bit), Windows XP SP3, Linux Mint 17 MATE (64 bit)
 
 
Java Vulnerabilities

Quote:
Summary: All of these vulnerabilities may be remotely exploitable without authentication, i.e., may be exploited over a network without the need for a username and password.


If you still haven’t uninstalled Java to reduce the attack surface on your computer, here are 14 new reasons from Oracle Sun.
ZDNet
Have you uninstalled Java yet? Here are 14 new reasons... | ZDNet

I'm glad that I only run it in a VM.
Windows 7 Forums is an independent web site and has not been authorized, sponsored, or otherwise approved by Microsoft Corporation. "Windows 7" and related materials are trademarks of Microsoft Corp.

© Designer Media Ltd
