The Antivirus Guy Blog

Keeping people up to date with antivirus and security information

From the Internet Storm Center – CERTs warn about old java bug being exploited

Published: 2006-01-13, Last Updated: 2006-01-13 19:08:06 UTC by Swa Frantzen (Version: 3)

US-CERT and AUSCERT warn about a bug in java being exploited. They claim the bug was made public in November 2005.

Aside from the obvious patch and turn off java support, the warnings include text such as “avoid clicking on any links in emails or instant messages, unless the email was already expected beforehand” and “by only accessing Java applets from known and trusted sources the chances of exploitation are reduced.”

To the best of my knowledge the general user population expects email. They use email to communicate with people they never met before. And they will click on anything in it. Similarly they call it “surfing the web”, they will click on links that lead to other sites. Telling them not to do that is going to have as much effect as asking them not to laugh at you. There are unfortunately only a very few exceptions where you might have users and applications where you can limit the exposure. But as a general recommendation it is rather worthless IMHO.

So download that latest greatest java environment now if you haven’t done so already and upgrade. Better yet: check those browser settings and turn java off for all sites that you either do not trust 100% to execute code on your machines or that don’t absolutely need it to work.

UPDATE
We have been informed multiple times the hostile java seems to be at a webserver at fullchain [dot] net. Might be interesting to check your logs in a corporate environment. The supposedly hostile code is still there so we won’t be providing detailed URLs for now. The class file on that website is not detected as malicious by any anti-virus product participating in virustotal.

Vince told us it’s also necessary to remove the old java environments, not just get the new ones, as an attacker can target the old environments when they are still present.

UPDATE
According to the bulletins you need at least:

  • Version 1.3.1_16 or later
  • Version 1.4.2_09 or later
  • Version (1.)5 update 4 or later


Swa Frantzen
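An added example, not part of the original diary: a small audit that flags Java install directories below the bulletin minimums listed above, which also catches old environments left behind after an upgrade. The directory names are constructed samples, and treating families newer than 1.5 as fixed is an assumption.

```python
import re

# Minimum fixed release per Java family, from the bulletin list above.
# "(1.)5 update 4" is written in version-string form as 1.5.0_04.
MIN_FIXED = {
    (1, 3): (1, 3, 1, 16),
    (1, 4): (1, 4, 2, 9),
    (1, 5): (1, 5, 0, 4),
}

_VERSION_RE = re.compile(r"(\d+)\.(\d+)\.(\d+)(?:_(\d+))?")


def parse_version(text):
    """Parse '1.4.2_08' or a path ending in 'j2re1.4.2_08' into (1, 4, 2, 8)."""
    m = _VERSION_RE.search(text)
    if m is None:
        raise ValueError(f"no Java version found in {text!r}")
    major, minor, micro, update = m.groups()
    return (int(major), int(minor), int(micro), int(update or 0))


def is_fixed(version_text):
    """True if the version meets the bulletin minimum for its family."""
    version = parse_version(version_text)
    family = version[:2]
    if family in MIN_FIXED:
        return version >= MIN_FIXED[family]
    # Assumption: families newer than 1.5 count as "later"; anything
    # older than 1.3 is not listed and is treated as unfixed.
    return family > max(MIN_FIXED)


def audit(install_dirs):
    """Return the install directories that still need removal or upgrade."""
    return sorted(d for d in install_dirs if not is_fixed(d))


# Constructed sample inventory: one patched JRE plus leftovers from
# earlier installs that were never removed.
SAMPLE_DIRS = [
    r"C:\Program Files\Java\jre1.5.0_06",
    r"C:\Program Files\Java\j2re1.4.2_08",
    r"C:\Program Files\Java\j2re1.4.2_09",
    r"C:\Program Files\Java\j2re1.3.1_15",
]

if __name__ == "__main__":
    for path in audit(SAMPLE_DIRS):
        print("below bulletin minimum:", path)
```

Even with 1.5.0_06 installed, the sample machine is still flagged because of the leftover 1.4.2_08 and 1.3.1_15 directories.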

January 14, 2006 - Posted by | Security News
