Turn off your Java plug-ins RIGHT FUGGIN NOW!!!!!
Critical Java zero-day bug is being massively exploited in the wild
http://arstechnica.com/security/2013/01/critical-java-zero-day-bug-is-being-massively-exploited-in-the-wild/
Attack code that exploits vulnerability in Java's browser plugin has been added to the Blackhole, Cool, Nuclear Pack, and Redkit exploit kits, according to the Malware Don't Need Coffee blog, prompting its author to say that the bug is being "massively exploited in the wild." Miscreants use these products to turn compromised websites into platforms for silently installing keyloggers and other types of malicious software on the computers of unsuspecting visitors. KrebsOnSecurity reporter Brian Krebs said the curators of both Blackhole and Nuclear Pack have taken to the underweb to boast of the addition to their wares. It's not yet clear how many websites have been outfitted with the exploits.
snip
"There appears to be multiple ad networks redirecting to Blackhole sites, amplifying the mass exploitation problem," Kaspersky Lab expert Kurt Baumgartner wrote. "We have seen ads from legitimate sites, especially in the UK, Brazil, and Russia, redirecting to domains hosting the current Blackhole implementation delivering the Java 0day. These sites include weather sites, news sites, and of course, adult sites."
Java 7 Update 10 ships with a feature that makes it far simpler to unplug Java from the browser than in previous versions. Oracle's instructions for using that feature are here: http://www.java.com/en/download/help/disable_browser.xml
Setting the Security Level of the Java Client: http://docs.oracle.com/javase/7/docs/technotes/guides/jweb/client-security.html
CountAllVotes
(20,876 posts)I have turned it off and you cannot recommend a thread without it.
HOWEVER TURN THE DAMN THING OFF!!!
It was trying to load a wireless something or the other and I am on a DSL connection!!
ohheckyeah
(9,314 posts)the Firefox extensions for Java?
Lone_Star_Dem
(28,158 posts)Can't miss it, it's right after the bold red warning.
Clicking that should yield this:
Why was it blocked?
The Java plugin is causing significant security problems. All users are strongly recommended to keep the plugin disabled unless necessary.
Who is affected?
All users who have these versions of the plugin installed in Firefox 17 and above.
What does this mean?
The problematic add-on or plugin will be automatically disabled and no longer usable.
When Mozilla becomes aware of add-ons, plugins, or other third-party software that seriously compromises Firefox security, stability, or performance and meets certain criteria, the software may be blocked from general use. For more information, please read this support article.
Which means you're safe to use FF, but not any other browsers you may have installed. They'll have to be disabled individually.
ohheckyeah
(9,314 posts)I disabled Java in FF and I don't have it in Chrome extensions.
Earth Bound Misfit
(3,554 posts)...whether you disable Java in the Control Panel (as described in my post #38) or not.
https://blog.mozilla.org/security/2013/01/11/protecting-users-against-java-vulnerability/
There is no patch currently available for this issue from Oracle. To protect Firefox users we have enabled Click To Play for recent versions of Java on all platforms (Java 7u9, 7u10, 6u37, 6u38). Firefox users with older versions of Java are already protected by existing plugin blocking or Click To Play defenses.
The Click To Play feature ensures that the Java plugin will not load unless a user specifically clicks to enable the plugin. This protects users against drive-by exploitation, one of the most common exploit techniques used to compromise vulnerable users. Click To Play also allows users to enable the Java plugin on a per-site basis if they absolutely need the Java plugin for the site.
Micro$lop's Internet ExPLODEr.... not so much.
CountAllVotes
(20,876 posts)n/t
CountAllVotes
(20,876 posts)and badly.
ohheckyeah
(9,314 posts)says when she disables Java in FF and restarts FF it is enabled again.
WTH?
CountAllVotes
(20,876 posts)How I got rid of "it".
Somehow managed to connect to the net and download update to SuperAntiSpyWare and it found nine nasties .... got rid of them.
Then went to system restore, date of last year -- nothing to really lose.
Rebooted and it works it works but ...
Why is it trying to update Adobe Acrobat?
is that all about?
polly7
(20,582 posts)I hope I didn't screw up my computer. I guess I won't know until I restart it
CountAllVotes
(20,876 posts)I had to retire my ThinkPad. I took my old one out made in 1998 if you can believe that.
It is an A20m with Windows 2000 on it.
I'm going to use this until we find out what this is as my desktop has Windows XP Pro on it as well -- so far so good with the Java disabled (NOT the Java script).
However, you cannot access many sites at all and gee I thought I needed to retire this old baby here. I guess not.
No sign of this one doing anything as it is not at risk. Good test computer I'm thinking.
I read the update of adobe was part of "it".
Patch to fix to come from Oracle I read.
fug.
polly7
(20,582 posts)I do books for a couple of small companies on mine ... I'm in the middle of backing up everything right now. I don't think I'll let it restart until I know what I've done or haven't done by letting it update.
CountAllVotes
(20,876 posts)but it will start up with the updating right away ...
I've put her away and did not allow it to grab that update again!!
Back 'er up good just in case!
CountAllVotes
(20,876 posts)I did some searching around and it seems Acrobat reader had a major security flaw too and it noticed a few days before this other thing broke, hence the download appearing. By all means DO download this fix for Adobe Acrobat Reader!!! Coincidence?
As for the ThinkPad, it now seems to be gone (after working on it for hours on end last night! ).
Windows update downloaded a security fix this a.m. for "January 2013". Maybe that download fixed my computer, I don't know but I'm not turning Java 7 back on until I find out for certain.
What a nightmare these past 24-hrs. have been!!
I think I'm going to go back to bed. I'm freaking exhausted!
polly7
(20,582 posts)I did a quick search on it last night and couldn't find anything, so let it restart, and everything's fine. I hope you get all your troubles worked out.
WhoIsNumberNone
(7,875 posts)
CountAllVotes
(20,876 posts)I was using the laptop earlier today for about 1 hour and left for the day.
Came back and restarted the whole thing from scratch and there it was.
My server didn't even know of it. When I told them what Homeland Security said re: it they freaked. Uh huh ...
Got a laptop with Windows 2000 on it? If you don't you too are at risk unless:
1. Using Firefox or Chrome.
Make sure Java is disabled in Firefox. Script ok to leave enabled is the word.
WhoIsNumberNone
(7,875 posts)I just came back from running Spybot S&D; 37 tracking cookies, 36 of them associated with Google Chrome- a browser I almost never use for this very reason. Every time I check for spyware, it's all on Chrome.
I'll be running an actual virus scan later tonight (takes time & ties up the memory) and we'll see what it turns up.
I'm in the process of disabling Java on all my browsers now. So how did you know the thing was there?
CountAllVotes
(20,876 posts)It booted up and there was this bizarre thing about a wireless something or the other and the system was locked.
I could even use the trackpoint - no movement.
I'm on the laptop right now and YES it is VERSION 7 damn damn damn
My desktop has a different version.
Little baby old ThinkPad 15 years old A20m does not have Java on it. Gotcha there any freaking hackers!
WhoIsNumberNone
(7,875 posts)I have a veeery old version (now disabled) I've been reading articles linked to the one in the OP, but so far I haven't found anything to suggest I'm any better off.
Earth Bound Misfit
(3,554 posts)Overview: http://joe4security.blogspot.com/
Some striking behavior facts from the startup and signature overview:
Contains tricks to detect virtual machines
Starts svchost.exe which is a legitimate Windows process and writes its process memory, changes thread context
Creates an autostart registry key
Deletes Windows safe boot entries
Deletes initial dropped binary
Creates a new desktop and switches to it. As a result the current desktop with all its windows gets hidden
Full analysis: http://www.joesecurity.org/reports/report-237f8ffc0c24191c5bb7bd9099802ee4.html
CountAllVotes
(20,876 posts)Now how does one get rid of it. I've got 4 computers here, 3 w/XP PRO, 1 w/WINDOWS 2000 (no Java on this) and one had the Version 7 Java on it, my main machine btw and it is messed up badly.
UnrepentantLiberal
(11,700 posts)
CountAllVotes
(20,876 posts)I did this and actually said machine seems to be working ok except Java 7 is disabled so I have limited abilities online for the time being until we are told that Java 7 is safe to use.
Have noted the desktop I am using now says that Java 6 is out-of-date and it wants me to upgrade to Java 7. I don't think I'll be doing that right away.
I'll be honest w/you I think this whole thing is a plot to get people with old computers which I have about 6 of, all but one works, to buy a new one.
I don't want Windows 8, it sounds like a nightmare VISTA clone perhaps. Windows 7 Professional or Ultimate might be great but I don't feel like forking out over a $1,000.00+ to upgrade everything. I'm sure that there are many in this same boat too.
Kind of angers me to say the least!
Thanks for your tip btw!
UnrepentantLiberal
(11,700 posts)Are you using Windows XP?
What I was suggesting is that you do a "system recovery". I've always been able to find that. It usually is the other option besides "system restore". Go through your control panel again and see if you can navigate to system recovery. That will restore your computer to its original state, minus the bugs and viruses.
CountAllVotes
(20,876 posts)The Acer has a back-up of XP Pro but it came with Vista on it. It is a bit of a nightmare of a machine but hey, it works. ThinkPads have no back-up. System restore or else the old format c: /u in DOS and hopefully you have a new OS to load. If you don't you are sunk unless you pay some tech $80.00 an hr. to "fix" it if that is even a real possibility with a 10 year old laptop.
UnrepentantLiberal
(11,700 posts)but the partition on the computer has XP installed for system recovery? The computer came from the factory that way? That doesn't make sense.
As far as the ThinkPad, sounds like you shut it down and then keep clicking f-11 as it's starting up. http://answers.yahoo.com/question/index?qid=20090830154456AAK3QAX
CountAllVotes
(20,876 posts)That is why it is so messed up! It doesn't have a partition. VISTA is GONE from it and XP can be reinstalled with the disks that came with it. However, it did not come with a copy of VISTA (not that I wanted it!).
I am frankly shocked that it still works and it is a horrid beast to reload! UGH.
Not sure the F11 thing works, depends on which ThinkPad I'm using (definitely does not work on the A20m). I think you end up in another world perhaps. (lol ...)
nick of time
(651 posts)I didn't even know about Java being dangerous to my computer. I'm running Windows 7 and just upgraded Java 2 days ago.
Hope I didn't screw anything up, seems to be running fine, but Java now disabled.
UTUSN
(70,711 posts)* Should I do a scan? Does my anti-virus pick it up?
* How disable, go to Programs and do a "remove"?
* What are the signs that something is wrong? My machine/Windows 7 is acting slightly slow, customary sites (gossip/Gawker) almost wouldn't load, are sites like that more dangerous?
Thanks for any consideration.
CountAllVotes
(20,876 posts)Has your computer downloaded anything this a.m.? A Windows security update?
Is it ON?
I got rid of it somehow seemingly after the update this a.m.
However, I also did all of the below:
Use SUPERAntiSpyware (get from download.com)
It will scan and find a bunch of stuff and you opt to remove/delete what it finds.
Also ran Avira AV which I could not even open/load until today after that Windows update came on.
You should be online only if you have Firefox/Chrome.
If Firefox:
GET the latest update of it - Top bar HELP ==> About Firefox ----> Check for Updates. I am running v. 18.
After all of this, be certain to TURN OFF JAVA 7 until further notice it seems. Some say it is ok to leave the Java 7 script on, others not. I have it OFF. Better safe than sorry.
This is done by Tools bar above. Go to Add-Ons.
click on plug-ins
DISABLE EVERYTHING THAT SAYS THE WORD JAVA ON IT - simple to do, on/off sort of thing.
and I see this too:
https://addons.mozilla.org/en-US/firefox/blocked/p186
It may want you to update Adobe Acrobat, you'll see it there with the other plug-ins asking to update. This is another FIX not part of the virus so you should do it - a security risk it is saying.
Better change all passwords that are critical is my advice on this (i.e. banks, etc. etc.).
Confused yet?
Seriously glad to help. No one needs to pay some ISP guy $300.00 to be rid of it!
UTUSN
(70,711 posts)Last edited Sat Jan 12, 2013, 11:52 PM - Edit history (1)
no Firefox no chrome. no downloads this a.m. there were fourteen windows t.other day. is this a one day thing. how come this isn't a hot topic all over the board
*****O.K., am on a keyboard now instead of pecking at the Kindle screen. Did a Search and read a couple of articles NBC tech/site (can't paste links). I'm getting the bottom line is not to use IE at all until Windows can issue a fix/patch. So this Kindle thing is android, right? So this is O.K.?
Went to the Search article that gave steps through Control Panel, but the instructions didn't match the windows that came up for the Java Control Panel ("Security tab, unclick the 'enable' box." All that showed up there was 'Certificates.'). I think the article said the disabling has to be done specifically for browsers through Registry or by each browser and that if witless dudes like me shouldn't do anything if we don't know what Registry is.
I did follow your info about going to download.com, saw the anti-spyware download. I think I'm going to stick to using the Kindle until things get patched up? Please let me know if the Kindle is included in the off-limits!1 Thanks!1
UTUSN
(70,711 posts)should be running anyway.
CountAllVotes
(20,876 posts)The upgrade is Java 7! *sigh*
Bottom line (according to these geeks giving out this info. is really this): Buy a new computer you loser with your 15 year old laptop and old machines that still work is the message I'm getting very loud and clear!
Soon few computers will work as Microsoft will stop supporting XP in Aug. of 2014. After that, we are on our own.
On edit: I have 2 old computers (1 desktop that I am using at the moment and one other older laptop besides the really old one with Windows 2000 on it with NO Java plugins on it at all!) that show Java 6 on them. This desktop is not that old, an ACER bought in 2008.
CountAllVotes
(20,876 posts)I have a registry cleaner that I use here:
http://www.eusing.com/free_registry_cleaner/registry_cleaner.htm
Simple enough and does the job!
I don't know what the "Kindle" thing is (??).
You are right though as I read the same. Only those using Firefox or Chrome can be online with Java 7 disabled. You have no business being online with IE right now. I don't use IE anyway, gave up on that one a long time ago (too many security risks as if this is any better eh?!).
UTUSN
(70,711 posts)
Earth Bound Misfit
(3,554 posts)not available in previous versions.
Below is what I believe is the easiest way to disable ALL Java plugins on Windows computers (credit Grinler site Owner/Admin @ Bleepingcomputer)
http://www.bleepingcomputer.com/forums/topic481462.html/page__view__findpost__p__2945754
Using a version of Java that is not Version 7 Update 10
1. Uninstall all versions of Java.
2. Download and install Version 7 Update 10 from the following locations depending on the bit-type of Windows:
Windows Offline (32-bit) http://javadl.sun.com/webapps/download/AutoDL?BundleId=71835
Windows Offline (64-bit) http://javadl.sun.com/webapps/download/AutoDL?BundleId=71837
3. Disable Java in your browsers by following these steps: http://www.java.com/en/download/help/disable_browser.xml
Java will now be disabled in your browsers. You must do this step for all users on Windows computers.
Currently using Version 7 Update 10
1. Disable Java in your browsers by following these steps: http://www.java.com/en/download/help/disable_browser.xml. Java will now be disabled in your browsers. You must do this step for all users on the Windows computer.
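Added example, not part of the thread or of the Bleepingcomputer instructions: since the steps above have to be repeated for every Windows user, this Python sketch checks each user's Java `deployment.properties` text and lists the accounts where browser Java is still on. The property names `deployment.webjava.enabled` and `deployment.security.level` are the ones Oracle documents for the Java 7 Update 10 Control Panel settings; the user names and file contents are constructed sample data, and treating a missing file or missing key as "still enabled" is an assumption made here to fail safe.

```python
import re

# Keys written by the Java Control Panel's Security tab (7u10 and later).
WEB_JAVA_KEY = "deployment.webjava.enabled"
LEVEL_KEY = "deployment.security.level"

# key=value or key:value; lines starting with '#' or '!' are comments.
_LINE = re.compile(r"^\s*([^#!=:\s][^=:\s]*)\s*[=:]\s*(.*?)\s*$")


def parse_properties(text):
    """Parse the simple key/value subset of the Java .properties format."""
    props = {}
    for line in text.splitlines():
        match = _LINE.match(line)
        if match:
            props[match.group(1)] = match.group(2)
    return props


def browser_java_state(text):
    """Return (enabled, level) for one user's deployment.properties text.

    text=None means the user has no file yet. Assumption: anything other
    than an explicit 'false' counts as enabled, so unknown states are flagged.
    """
    props = parse_properties(text or "")
    enabled = props.get(WEB_JAVA_KEY, "true").lower() != "false"
    return enabled, props.get(LEVEL_KEY)  # level None = not set by this user


def users_still_exposed(profiles):
    """profiles maps user name -> file text (or None); returns sorted names."""
    return sorted(u for u, text in profiles.items() if browser_java_state(text)[0])


# Constructed sample data, one entry per Windows account on the machine.
SAMPLE_PROFILES = {
    "alice": "#deployment.properties\n"
             "deployment.webjava.enabled=false\n"
             "deployment.security.level=VERY_HIGH\n",
    "bob": "deployment.security.level=HIGH\n",        # checkbox never cleared
    "carol": None,                                    # never opened the panel
    "dave": "deployment.webjava.enabled = FALSE\n",   # spacing/case variant
    "erin": "# deployment.webjava.enabled=false\n",   # commented out: no effect
}

if __name__ == "__main__":
    for user in sorted(SAMPLE_PROFILES):
        enabled, level = browser_java_state(SAMPLE_PROFILES[user])
        status = "ENABLED in browser" if enabled else "disabled in browser"
        print(f"{user:6} {status:20} security level: {level or 'not set'}")
    print("Still needs the disable step:", users_still_exposed(SAMPLE_PROFILES))
```

To use it on a real machine, read each account's `deployment.properties` into the dictionary yourself; its location depends on the Windows version and is not given in this thread.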
UTUSN
(70,711 posts)
CountAllVotes
(20,876 posts)Using a 15 year old ThinkPad and whoa is she slow! 6 gb HD on it! Glad I have it nonetheless!
On a desktop now and disabled the Java 6 on it that is supposed to be upgraded to Java 7.
UTUSN
(70,711 posts)* I was able to REC threads here at DU.
* Haven't tried YouTubes yet
* Don't know about being able to respond to DU jury yet
I learned my computer is 64bit, so should I now install Java7 64bit and also DISABLE it until the fix is ready?
Earth Bound Misfit
(3,554 posts)Java is a programming language and JavaScript is a scripting language. This page explains the difference: https://service.parachat.com/knowledgebase/79/What-are-the-differences-between-Java-and-JavaScript.html
Java FAQ: http://java.com/en/download/faq/whatis_java.xml
What will I get when I download Java software?
The Java Runtime Environment (JRE) is what you get when you download Java software. The JRE consists of the Java Virtual Machine (JVM), Java platform core classes, and supporting Java platform libraries. The JRE is the runtime portion of Java software, which is all you need to run it in your Web browser. When you download Java software, you only get what you need - no spyware, and no viruses.
I haven't had any problems on DU
Youtube, FB works fine for me
I'm not a gamer, but I understand that a lot of online gaming needs Java
My bank website needs Java enabled for online banking, I'll refrain from any cyber banking 'til this gets patched.
One website (Tech related) I was unable to "like" a comment & couldn't edit my profile.
As far as needing 32 bit or 64 bit, if you use a 64 bit browser, you need to install 64 bit Java. I have a 64 bit Win 7 system and use Firefox which is 32bit, M$ installs both 32 & 64 bit Internet Ex-PLODE-r on 64 bit Windows system with 32 bit the default. I have never installed 64 bit Java, only 32 bit.
Hope this helps.
Earth Bound Misfit
(3,554 posts)What is put on as the infection is a matter of the payload chosen by the person(s) utilizing the exploit for this vulnerability. You can check and see if you're vulnerable, but the only way to see if you're infected is through the use of security software, Anti-Virus, Anti-Malware, etc. There's no accounting for zero day threats however.
From what I've read/heard thus far this vulnerability is mainly being used by exploit packs, which are crimeware tools made to be stitched into Web sites so that when visitors come to the site with vulnerable/outdated browser plugins (like this one), the site can silently install malware on the visitor's PC. Exploit packs can be stitched into porn sites as well as legitimate sites. All it takes is for an attacker to be able to insert one line of code into a compromised site.
Typically when you've been a victim of a drive by like this, you will notice the effects; some will block access to security related web sites, like Symantec, Avast, Avira, Malwarebytes etc; they can disable features on the Windows system like Control Panel, Windows Update, Safe Mode, block/disable anti-virus, or anti-malware apps & scanners, block executables, hide your files/desktop...and much much more.
CountAllVotes
(20,876 posts)Possibly a Facebook acct. I was looking at (owner has a "history" of visiting sites that I do NOT go to) and/or believe it or not, an online support group which I just dropped out of the day before this happened luckily! *whew*
Isn't that a hell, an online support group?
Who needs one anyway when they've got the DU?
THANKS for your help!!
Sunlei
(22,651 posts)link to info. I use the paid version and that auto blocks the ransomware. They have a free version and help to remove the 'ransomware' if infected.
http://blog.malwarebytes.org/intelligence/2013/01/cta-unpatched-java-exploit-in-the-wild/
CountAllVotes
(20,876 posts)I'll try/run that one too just in case it is still there.
Difficult to know with Java disabled.
However, I think that download this a.m. got rid of it, the Windows update.
What is the goal of this we ask ourselves?
Goal was this which I almost fell for in the heat of last night:
BUY A NEW ONE WITH WINDOWS 7 PROFESSIONAL on it ...
Didn't do it as I just do not have money for that.
UnrepentantLiberal
(11,700 posts)How much would this affect my browsing experience?