Java Malware alert!

[Skuzzy]

I know many of you allow Java to run freely on your browsers, and those who use FireFox think they are bullet-proof, so I thought I would give you a heads up about a potential problem you might have.

[uptown]

Thanks for the headsup 

[1701E]

Yikes, glad I don't have java....just what I need is another stupid infection.  Getting tired of reformatting.
Thanks for the heads up Skuzz.

[soda72]

Disabling the Java plugin is not sufficient to prevent exploitation, as the toolkit is installed independently.

 

[Ghastly]

I spent a some time 2 days ago on this, and I found

a) Our current installation of Eset's Nod32 (EAVBE, 4.2.40.0) quarantines the sample script - so I'd like to presume that it would protect you from an attempt to exploit - and I would like to assume that the retail version would to, although I didn't test it.
b) NoScript (with Firefox) will mitigate this, in that you have to enable scripting from the exploitive web site before it can run
c) removing npdeploykt.dll (or replacing it with another innocuous dll, which is what I did administratively to all of the workstations at work) prevents the exploit from deploying.

Also, I noticed that Java has released a new patch release (6.20) overnight - I'd like to assume that this is fixed, but haven't had time to confirm that.

<S>
Guy

[Dragon]

Oh    Yippee.

[007Rusty]

fun fun    thanks for the heads up 

[Eagler]

"The main lure so far seems to be a song lyrics publishing site, with Rihanna, Usher, Lady Gaga and Miley Cyrus being used, among others."

good thing I know their lyrics by heart

j/k

thanks
Skuzzy

[soda72]

Some how I can't picture Skuzzy listening to Lady Gaga..

 

[uptown]

Lady Gaga!? Oh no, the wifes computer will be locked up in no time. 


Wait, that's a good thing. 

[DREDIOCK]

Some how I can't picture Skuzzy listening to Lady Gaga..

 

Not with the sound turned up anyway 

[DREDIOCK]

Ok wheres a site. Im willing to play Guinea pig.
My daughter has gotten me to get pretty good at getting rid of these bastages.

BTW Facebook users. Beware of ads on facebook as some have recently been known to carry that windows security Trojan.

If your using firefox I suggest adding adblock as well as noscript

[Denholm]

Thanks for the warning, Skuzzy. I doubt it, yet out of general curiosity, does this exploit manage to unload onto Linux systems?

[Skuzzy]

It effects all versions of Sun's Java runtime, regardless of the OS.  However, the chances of the malware/spyware program being able to run on a Linux box is pretty low as virtually all these types of programs are written for Windows.

[Changeup]

"The main lure so far seems to be a song lyrics publishing site, with Rihanna, Usher, Lady Gaga and Miley Cyrus being used, among others."

good thing I know their lyrics by heart

j/k

thanks
Skuzzy

Wow....the artists with the most "issues"...how coincidental.  Lady Gaga is a trainwreck that only lacks a place to happen...and somehow I can't see Miley Cyrus's "Greatest Hits" on Skuzzy's Ipod...lol

V/r
Changeup



PS - If I knew any of their lyrics I would kick my own ass....Go buy some CRUE!!! lmao