Wiz Feinberg
From: Mid-Michigan, USA
|
Posted 10 Oct 2011 5:31 pm
|
|
Ed Meadway wrote: |
Mr. Wiz
I can't remember the exact type of Java update notice I received, but the notice was located in the lower right of the Firefox 7.0.1 browser. |
Ed;
If you are certain that the Java update notice appeared inside a portion of your browser, and not on the Taskbar, by the System Tray (where the clock is), then you have been scammed into installing a Trojan Horse.
What security programs are installed on your XP computer? Are they the current version and fully updated with current malware definitions? _________________ "Wiz" Feinberg, Moderator SGF Computers Forum
Security Consultant
Twitter: @Wizcrafts
Main web pages: Wiztunes Steel Guitar website | Wiz's Security Blog | My Webmaster Services | Wiz's Security Blog |
|
Wiz Feinberg
From: Mid-Michigan, USA
|
Posted 12 Oct 2011 8:44 am
|
|
What does Java do?
It allows you to interact with "applets" that were created using Java technology. It allows certain online scanners to access your hard drive to seek out viruses. Many online games are written in Java. The Secunia Online Software Inspector uses Java to find insecure programs that are vulnerable to attack.
The problems with Java are:
#1: until recently, installing a new version did not remove older, exploitable versions (due to programming errors or oversights). Cyber criminals learned that they could directly call the Java executables (and .jar compiled programs) in older versions to take control of computers.
#2: Since many folks aren't aware that they have Java installed at all, they also don't bother to check for updates to it. Thus, they can be exploited very easily.
How does Java get exploited?
Hackers and rogue programmers, hired by criminals have written exploit attack kits, which are sold via online forums frequented by such people. The criminal types who are in the business of building armies of remote controlled computers (botnets), for use in spamming and attacking other sites, use these exploit kits on websites they control, to infect computers of victims tricked into clicking on links to pages containing hidden "iframes" or JavaScript redirection code.
A typical victim receives an email message about this or that product, which appeals to that recipient (Viagra, prescription drugs without a prescription, cheap pirated software, a fake ACH, FDIC, IRS, or parcel courier problem notice, etc). They are lured into clicking on the link supplied in that email message. The link goes to a compromised, sometimes innocent website that has had instant redirection codes placed on the landing page.
The browser obeys the redirection code and moves to another web page spoofing this or that. In the background, a 1x1 pixel (invisible) frame, called an iframe, brings malicious content from another server into the browser. That content is an exploit attack kit. The majority of the attack codes are against older versions of Java, plus any zero day, unpatched vulnerabilities in the current version of Java. Following those codes, attacks are launched against Adobe's PDF Reader and Acrobat. Next, attacks are launched against unpatched Internet Explorer "MDAC" code vulnerabilities.
The name of the most current and deadly attack kit, at this point in time, is the BlackHole Kit (Russian). It is successful much of the time in exploiting a Windows computer lured to it, due to having exploitable unpatched software. Almost 88% are exploited via Java exploits. The remaining 12% is split between PDF and Internet Explorer "MDAC" vulnerabilities.
There are ways to stay protected from the exploit kit attacks, as listed below.
- Close your browsers and all apps, then, via Control Panel > Add/Remove Software, uninstall all listed versions of Java and reboot.
- If you must have Java, make sure it is only the current version (use automatic Java updater with daily checking). Recent versions remove certain older versions, going back a short time, during the upgrade.
- If you keep the newest version of Java, use Control Panel to uninstall all listed previous versions, then reboot.
- Go to your Program Files directory, find the Java folder and open it. Look for older version number folders that remain after uninstalling listed ones, and delete them manually, keeping just the lated dated and numbered version.
- If you use Adobe Reader or Acrobat, set them to automatic, silent updating to the newest version.
- Make sure you check for updates to Adobe Flash, at www.adobe.com
- Make sure you keep up with all "Express" or recommended Windows Updates (2nd Tuesday every month, plus some 4th Tuesdays)
- Use the latest version of whatever browser or browsers you have installed.
- Do not click on links in any spam or unexpected email. If in doubt, go directly to the specified website, by typing the URL into your address bar. Links are easily spoofed in browsers and email clients.
- Do not operate your computer as an Administrator, except for specific tasks that require that account to be used.
- If you are currently operating with just one account with Administrator privileges, create a new account with the same privileges - with a non-dictionary password, log into it, then via Control Panel > User Accounts (or Users and Passwords), go to your previous account and reduce its privileges to Standard or Limited User.
I have a tutorial on user account privileges here _________________ "Wiz" Feinberg, Moderator SGF Computers Forum
Security Consultant
Twitter: @Wizcrafts
Main web pages: Wiztunes Steel Guitar website | Wiz's Security Blog | My Webmaster Services | Wiz's Security Blog |
|