Update your Sun Java Runtime

mechBgon

Super Moderator, Elite Member
If you have Sun Java installed, check to be sure you've got the latest version.

http://secunia.com/advisories/25981/ (update links & info)

Successful exploitation allows execution of arbitrary code e.g. when a user visits a malicious website.

You can check for that issue, and others, using the Secunia online checkup (works on Windows only AFAIK). It looks for vulnerable versions of stuff many of us have, such as Adobe Reader, Flash Player, DivX, torrent clients, IM, email clients, browsers, QuickTime, Winamp and other media players. The bad guys do use some of these third-party vulnerabilities, so take a few minutes and eliminate them.
 

mechBgon

Super Moderator, Elite Member
Certainly :beer:

Another note: since web browsers make a pretty obvious attack vector, ask yourselves if you actually need Java for any websites you visit. If you don't, just shut down Java capabilities in your browser(s) until you actually need them for something (such as that Secunia checkup, which is Java-based).

To disable Java in Firefox, click Tools > Options, go to the Content tab, and uncheck the "Enable Java" box.

To disable Java in IE7, click Tools > Manage Add-Ons > Enable or Disable Add-Ons, click the add-on and choose "Disable."

Check to confirm it's shut off by hitting http://www.time.gov and clicking a timezone. You shouldn't get a real-time clock readout anymore.

What if I have a few sites I want Java to work with? In that case, instead of disabling Java entirely, consider using the NoScript add-on for Firefox, and the various Security zones for IE. I haven't tried NoScript myself, so someone tell me if I'm being an idiot :D but I believe it will let you "whitelist" sites that are allowed to use Java, as well as JavaScript.

For IE7,

1) In the Internet Options > Security tab, set the Trusted Sites security level to Medium-High so it matches the Internet Zone's default level.

2) Then go to the Internet Zone, click "Custom level" and scroll down to the end where you'll see the option to Disable scripting of Java applets.

3) Now add your trusted sites to the Trusted Sites zone, and they'll be able to use Java applets.

I don't think this was exactly what Microsoft had in mind with the zones, but whatever :D You can also use this revision to only permit the Trusted Sites to use JavaScript, which is another potential security enhancement, although it could be a bit of a hassle to get it all arranged to your satisfaction.

mech's narrated screen-capture video on IE7 tweakage
 

Skeeedunt

Platinum Member
Yeah, NoScript allows you to block Java on all "untrusted" sites. NoScript is really nice half the time, but gets tiresome. I think I have Java disabled altogether in Firefox though since it's almost always a miserable experience.
 

Schadenfroh

Elite Member
Thanks for the heads up mech, looks like Sun has not put this update to the autoupdate yet (or java.com), they need a faster response time.
 

Oakenfold

Diamond Member
Thanks Mech, Java tends to give me headaches. Now I know I'll have one less!
By the way, my Adobe Flash was out of date, nifty website. :thumbsup:
 

Atheus

Diamond Member
This only affects client-side Java? I'd hate to have to upgrade all the 1.4.2 and 5.0 web apps on our servers - total nightmare!
 

Medea

Golden Member
Be VERY careful of running old Java versions. Personally, I second mech's advice about disabling Java unless you need it for a specific website.

One of the ways that Vundo spreads is via old Java versions. Obviously, it also spreads via infected downloads. There is a new Vundo variant that hits apps, AV's, antispywares, and is a real PITA to remove! The tell-tale sign is when you run HJT and you see a space in the executable of a file. This will NOT be the only file affected. An HJT log will just show a couple of infected files.

I just got rid of it in a log. These are SOME of the files that were infected:
C:\Program Files\AIM6\aim6 .exe
C:\Program Files\Avast\ashDisp .exe
C:\Program Files\Common Files\AOL\1153920030\ee\AOLSoftware .exe --->
C:\Program Files\Common Files\AOL\IPHSend\IPHSend .exe
C:\Program Files\Common Files\AOL\Launch\AOLLaunch .exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch .exe
C:\Program Files\Common Files\InstallShield\UpdateService\isuspm .exe
C:\Program Files\Dell\Media Experience\DMXLauncher .exe
C:\Program Files\DellSupport\DSAgnt .exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop .exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier .exe
C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif .exe
C:\Program Files\iTunes\iTunesHelper .exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched .exe
C:\Program Files\McAfee\SpamKiller\MSKDetct .exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor .exe
C:\Program Files\MySpace\IM\MySpaceIM .exe
C:\Program Files\Plaxo\2.12.1.1\PlaxoHelper .exe
C:\Program Files\Plaxo\2.13.1.3\PlaxoHelper .exe
C:\Program Files\QuickTime\QTTask .exe ---> QTTask.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer .exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware .exe
C:\Program Files\Uniblue\Registry Booster\RegistryBooster .exe
C:\Program Files\Verizon\McciTrayApp .exe
C:\Program Files\VideoraiPodConverter\VideoraiPodConverter .exe
C:\WINDOWS\ehome\ehtray .exe
C:\WINDOWS\system32\ctfmon .exe
C:\WINDOWS\system32\DLA\DLACTRLW .EXE

Notice the space between the filename and .exe. VundoFix is not able to nuke the new variant.

So, let's be careful out there... ;)
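
The tell-tale sign Medea describes (whitespace between the file name and `.exe`) can be checked mechanically. The following is an added example, not part of the original posts: the log lines are constructed in a HijackThis-like layout around paths from the list above, and `find_spaced_executables` is a hypothetical helper name.

```python
import re

# Windows path whose file name is followed by spaces/tabs directly before ".exe".
# Quotes are excluded from the path body so a match cannot run across arguments.
SPACED_EXE = re.compile(r'([A-Za-z]:\\[^"<>|\r\n]*?)[ \t]+(\.exe)\b', re.IGNORECASE)

# Constructed sample log (not a real scan result).
SAMPLE_LOG = r'''Running processes:
C:\WINDOWS\system32\ctfmon .exe
C:\WINDOWS\system32\svchost.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask .exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [DLACTRLW] C:\WINDOWS\system32\DLA\DLACTRLW .EXE
O23 - Service: Example Service - Unknown owner - C:\Program Files\Example\svc.exe
'''


def find_spaced_executables(log_text):
    """Return (line_no, suspicious_path, expected_path) for every path that has
    whitespace before the .exe extension, in log order, without duplicates."""
    hits, seen = [], set()
    for line_no, line in enumerate(log_text.splitlines(), start=1):
        for m in SPACED_EXE.finditer(line):
            suspicious = m.group(0)
            key = suspicious.lower()          # Windows paths are case-insensitive
            if key in seen:
                continue
            seen.add(key)
            # expected_path is the normal name the spaced file sits next to
            hits.append((line_no, suspicious, m.group(1) + m.group(2)))
    return hits


if __name__ == "__main__":
    for line_no, bad, normal in find_spaced_executables(SAMPLE_LOG):
        print(f"line {line_no}: {bad!r} (normal name: {normal!r})")
```

As the post notes, the log shows only some of the affected files, so a hit means the rest of the disk needs checking too.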

 

mechBgon

Super Moderator, Elite Member
Originally posted by: Medea
Be VERY careful of running old Java versions. Personally, I second mech's advice about disabling Java unless you need it for a specific website.

One of the ways that Vundo spreads is via old Java versions. Obviously, it also spreads via infected downloads. There is a new Vundo variant that hits apps, AV's, antispywares, and is a real PITA to remove! The tell-tale sign is when you run HJT and you see a space in the executable of a file. This will NOT be the only file affected. An HJT log will just show a couple of infected files.

I just got rid of it in a log. These are SOME of the files that were infected:

Notice the space between the filename and .exe. VundoFix is not able to nuke the new variant.

So, let's be careful out there... ;)

Yikes! :Q Thanks for sharing the latest intel from the front lines :thumbsup:


Originally posted by: John
<3 mechBgone

LOLe, stope thate! :D

 

John

Moderator Emeritus, Elite Member
Originally posted by: Medea
Notice the space between the filename and .exe. VundoFix is not able to nuke the new variant.
What about the latest revision of CF or SAS?

 

Lemon law

Lifer
At this point Sun Java needs to watch their butts IMHO. For many applications, having Java up and running is a must because those apps depend on Java to run. And a number of years ago, Microsoft sought to have their version supplant Sun Java as the de facto standard.

And now Sun Java is somewhat in the same position as Adobe with PDFs. I long ago chucked Adobe in favor of the Foxit reader simply because those frequent huge revisions become a giant pain. Especially for people on dial-up. Apple is also in that boat and I chucked it also. But at least Adobe now offers small incremental upgrades and with Apple you have to download the whole thing. Java needs to get on the incremental upgrade bandwagon. It was just a month or so ago since I downloaded JRE 6 rev 3 and now I am going to have to do JRE 6 rev 4.

Maybe we need some other company who can do Java right because Sun ain't getting it.
 

Medea

Golden Member
Originally posted by: Lemon law
At this point Sun Java needs to watch their butts IMHO. For many applications, having Java up and running is a must because those apps depend on Java to run. And a number of years ago, Microsoft sought to have their version supplant Sun Java as the de facto standard.

Yeah, I remember that lawsuit. It was when XP came out with SP1. Microsoft and Sun settled, and SP1a was released.

What I should mention, in case people are not aware of it, is that when you install a Java update, the installer does NOT completely remove the older version. Rather, the newest version "hooks" onto the older version.

The best way of installing a Java update is to download it. Then, via Add/Remove, uninstall ALL previous versions of Java. Reboot your computer. Then, install the new Java update.
 

BehindEnemyLines

Senior member
So if you have JDK/JRE 1.6 Update 3 and NO Java Web Start 1.x, then you should be okay? All my computers currently have only that version. It's a pain sometimes having to uninstall the old one first, and then install the updated one.

Like Medea mentioned, Java does not uninstall the older version when installing a newer one.
 

John

Moderator Emeritus, Elite Member
Originally posted by: BehindEnemyLines
So if you have JDK/JRE 1.6 Update 3 and NO Java Web Start 1.x, then you should be okay? All my computers currently have only that version.
Yes, however I would uninstall it, then look in c:\program files\java and remove any folders inside, then run CCleaner to be safe. Now you can install update 4.
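
Because older versions stay behind after an update, as Medea and John describe, it helps to list what is actually sitting in the Java folder. This is an added example, not code from the thread: it assumes the usual Sun folder naming (`jre1.6.0_03`, `j2re1.4.2_15`, `jdk1.6.0_03`), and `classify` and `scan` are hypothetical helper names.

```python
import os
import re

# Sun install folders: <kind><major>.<minor>.<patch>[_<update>], e.g. jre1.6.0_03
JAVA_DIR = re.compile(r'^(?:j2re|jre|j2sdk|jdk)(\d+)\.(\d+)\.(\d+)(?:_(\d+))?$',
                      re.IGNORECASE)


def parse_version(name):
    """Return (major, minor, patch, update) or None if the name is not a Java folder."""
    m = JAVA_DIR.match(name)
    if not m:
        return None
    return tuple(int(g or 0) for g in m.groups())


def classify(names):
    """Split folder names into (newest, stale, unknown).

    stale   = Java folders older than the newest one found (oldest first)
    unknown = folders that do not look like a Java install; review these by hand
    """
    known = {n: parse_version(n) for n in names}
    unknown = sorted(n for n, v in known.items() if v is None)
    known = {n: v for n, v in known.items() if v is not None}
    if not known:
        return [], [], unknown
    top = max(known.values())
    newest = sorted(n for n, v in known.items() if v == top)
    stale = sorted((n for n, v in known.items() if v < top),
                   key=lambda n: (known[n], n))
    return newest, stale, unknown


def scan(root=r"C:\Program Files\Java"):
    """Classify the sub-folders of the Java install directory (path from the thread)."""
    if not os.path.isdir(root):
        return [], [], []
    names = [n for n in os.listdir(root) if os.path.isdir(os.path.join(root, n))]
    return classify(names)


if __name__ == "__main__":
    newest, stale, unknown = scan()
    print("newest:", newest)
    print("left behind, uninstall via Add/Remove:", stale)
    print("unrecognised folders:", unknown)
```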
 

Lemon law

Lifer
Not sure yet, but it looks like update 4 is not yet a free upgrade. At least one web site shows it as only a paid version. Filehippo still lists only update 3.