Thanks ever so much Java, for that biz-wide rootkit infection
The Register
| 3rd September 2012 11:00 GMT
| Trevor Pott
Posted on 09/03/2012 10:05:45 AM PDT by Ernest_at_the_Beach
To: bcsco
I would disable Sun Java if you are running it. That is the program that will be exploited.
While in Internet Explorer, click Tools, Internet Options, Programs tab, Manage Add-ons, look for Sun Java in the list, disable it if it is there. This is for Windows 7.
21 posted on 09/03/2012 11:09:47 AM PDT by chris37 (Heartless.)
To: LouieFisk; chris37
Thanks. I disabled it in both IE & Firefox.
22 posted on 09/03/2012 11:17:52 AM PDT by bcsco (Bourbon gets better with age...I age better with Bourbon.)
To: Ernest_at_the_Beach
Microsoft is aware of this rootkit and has a page on it in the Malware Protection site:
http://www.microsoft.com/security/portal/Threat/Encyclopedia/Entry.aspx?Name=Trojan%3AWin64%2FSirefef.D
Lots of good tips to protect your computer from it and for fixing your PC if you get it. They are not, however, recommending disabling Java. Note in the article originally posted the business executive had to have Java in the browser to track finances. This is true for a lot of people. I’m not sure that disabling Java is going to work with a lot of my users.
To: Ernest_at_the_Beach
24 posted on 09/03/2012 11:26:18 AM PDT by squarebarb (Fairy tales are basically true.)
25 posted on 09/03/2012 11:26:51 AM PDT by phockthis (http://www.supremelaw.org/fedzone11/index.htm ...)
To: Alas Babylon!
"Lots of good tips to protect your computer from it and from fixing your PC if you get it."
Pretty generic cover-all suggestions. Use an anti-virus, firewall, be careful about attachments, etc.
To: Ernest_at_the_Beach; All
To: Ernest_at_the_Beach
28 posted on 09/03/2012 11:32:13 AM PDT by onona (Thank you fellow Freepers)
To: LouieFisk
Microsoft is sue-happy. Lawyers pretty much call all the shots.
If they just recommend disabling Java, I’m pretty sure Oracle would get legal. And that costs MSFT money even if they win.
Then again, if a few major corporate players get hacked bad they’ll be talking to counsel.
So it’s generic, pappy, we-told-you-so remedies.
This is the crap I fight everyday. In the end, the corp bigwigs hold IT responsible. That crap rolls downhill to us administrators. We’re on the line in more ways than one.
Me? I pray a lot!
To: Ernest_at_the_Beach
Java is crap.
All the things they said Java would never do, they now do with ease. Like infect you.
I have Noscript installed w/Firefox, the problem is there are tons of Java junkies out there who think it is the answer to everything, and half the websites I go to don’t work.
It was a flash in the pan and ought to be replaced by a new HTML standard.
It would help if MS would clean up their buffer problems and application security.... yeah, like that’s gonna happen!
30 posted on 09/03/2012 11:37:10 AM PDT by djf (The barbarian hordes will ALWAYS outnumber the clean-shaven. And they vote.)
To: Alas Babylon!
"Still, as I said, we have several major apps we support that uses Java, and getting rid of them would be a sure PITA and a possible show stopper."
Yeah, it's as I said, it depends on how much you depend on it/frequency of use. But rootkits can be mighty nasty.
I consider a severe infection as making a machine compromised, time to format and reload the OS.
But if a person does uninstall Java he should be sure to get rid of the old versions, too. Java keeps them installed for some reason.
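Two of the posts above ask for the same two things by hand: check Tools > Manage Add-ons in IE for the Java add-on, and make sure no old Java releases are left behind. The script below is an added example for this thread, not code from any poster, The Register or Microsoft. It reads the Add/Remove Programs registry keys to list every Java runtime and flag the ones older than the newest, then walks the Browser Helper Objects IE loads, keeps the ones whose DLL comes from a Java install, and reports whether the current user has them disabled. The registry locations for uninstall entries and BHOs are standard; the per-user add-on state (HKCU ...\Ext\Settings\<CLSID>, DWORD Flags, bit 0 set meaning disabled) is an assumption based on observed IE behaviour, not something Microsoft documents.

```powershell
# Added example for this thread (not code from any poster, The Register or
# Microsoft). Lists every Java runtime registered in Add/Remove Programs,
# marks the ones older than the newest release, and shows whether the Java
# browser helper objects that IE loads are enabled for the current user.
# Run as Administrator on Windows 7 or later.
#
# Assumption (observed behaviour, not documented by Microsoft): IE keeps the
# per-user add-on state under HKCU:\...\Ext\Settings\<CLSID> in a DWORD named
# Flags, and bit 0 set (Flags = 1) means the add-on is disabled.

$uninstallKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
    'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*'
)

# --- 1. Installed Java runtimes / JDKs, 32- and 64-bit ---------------------
$java = Get-ItemProperty -Path $uninstallKeys -ErrorAction SilentlyContinue |
    Where-Object { $_.DisplayName -match '^Java' -and $_.DisplayVersion } |
    Select-Object DisplayName, DisplayVersion, UninstallString

if (-not $java) {
    'No Java runtime is registered in the Uninstall keys.'
} else {
    # Java writes numeric dotted versions (e.g. 7.0.70), so [version] sorts them.
    $newest = ($java | Sort-Object { [version]$_.DisplayVersion } -Descending |
               Select-Object -First 1).DisplayVersion
    foreach ($j in $java) {
        $state = if ($j.DisplayVersion -eq $newest) { 'newest' } else { 'OLD - remove' }
        '{0,-40} {1,-10} {2}' -f $j.DisplayName, $j.DisplayVersion, $state
        # $j.UninstallString holds the MSI command for that exact release; append
        # /qn to it for a silent uninstall once you have confirmed the entry.
    }
}

# --- 2. Browser Helper Objects whose DLL comes from a Java install ----------
$bhoKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects',
    'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects'
)
$settings = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Ext\Settings'

Get-ChildItem -Path $bhoKeys -ErrorAction SilentlyContinue | ForEach-Object {
    $clsid = $_.PSChildName
    # 64-bit and 32-bit COM servers register under different CLSID hives.
    $dll = foreach ($hive in 'CLSID', 'Wow6432Node\CLSID') {
        (Get-ItemProperty "Registry::HKEY_CLASSES_ROOT\$hive\$clsid\InprocServer32" `
            -ErrorAction SilentlyContinue).'(default)'
    }
    $dll = @($dll | Where-Object { $_ })[0]
    # Java's IE helpers live under ...\Java\jre*\bin\ (jp2ssv.dll, ssv.dll).
    if ($dll -match 'java|jp2ssv|\\ssv\.dll$') {
        $flags = (Get-ItemProperty "$settings\$clsid" -ErrorAction SilentlyContinue).Flags
        $state = if ($flags -band 1) { 'disabled' } else { 'ENABLED' }
        '{0}  {1}  {2}' -f $clsid, $dll, $state
    }
}
```

The add-on state is per user, so run the second half under each account that browses, not only under the admin account; a missing Settings key is reported as ENABLED because IE loads a BHO by default until someone disables it. Firefox keeps its own plugin list and is not covered here.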
To: bcsco; LouieFisk; chris37; Alas Babylon!
I think it is bigger than just JAVA,.....JAVA script in the browser....or whatever.....
Read the Technical paper for some real hair-raising detail.....
32 posted on 09/03/2012 11:51:56 AM PDT by Ernest_at_the_Beach ((The Global Warming Hoax was a Criminal Act....where is Al Gore?))
To: djf
33 posted on 09/03/2012 11:52:45 AM PDT by Ernest_at_the_Beach ((The Global Warming Hoax was a Criminal Act....where is Al Gore?))
To: Ernest_at_the_Beach
To: All
All should look at this for online Financial stuff:
*****************************************************
Link :
Lightweight Portable Security---DOD
******************************
The Abstract from Distrowatch above......
*******************************************
Lightweight Portable Security (LPS) is a Linux-based live CD with a goal of allowing users to work on a computer without the risk of exposing their credentials and private data to malware, key loggers and other Internet-era ills. It includes a minimal set of applications and utilities, such as the Firefox web browser or an encryption wizard for encrypting and decrypting personal files. The live CD is a product produced by the United States of America's Department of Defense and is part of that organization's Software Protection Initiative.
35 posted on 09/03/2012 11:57:43 AM PDT by Ernest_at_the_Beach ((The Global Warming Hoax was a Criminal Act....where is Al Gore?))
To: Alas Babylon!
Well,...you have a problem of much larger magnitude than most of us have to deal with....
Man oh Man....glad I retired from the Main Frame business....
Guess I have a question ...if an enterprise is running virtual machines hosting Linux apps and Windows apps...does that help ...in detection?
36 posted on 09/03/2012 12:02:10 PM PDT by Ernest_at_the_Beach ((The Global Warming Hoax was a Criminal Act....where is Al Gore?))
To: Ernest_at_the_Beach
37 posted on 09/03/2012 12:09:00 PM PDT by exit82 (Pass the word: Obama is a FAILURE!! Democrats are the enemies of freedom!)
To: Ernest_at_the_Beach
Got that right!
I did manage to find the equivalent of a “Windows Live” CD.
You burn it and boot from CD.
Problem is, zero installed software, I can’t remember if IE is even installed, so except for tweaking registries, recovering hard drives, etc., it’s basically useless.
Can’t remember the name exactly... something like “Windows Presentation Manager” or some such crap.
Sure would be nice if MS worried as much about my rights to not have my machine infected as they do worrying about DRM for Katy Perry or WTF...
38 posted on 09/03/2012 12:26:45 PM PDT by djf (The barbarian hordes will ALWAYS outnumber the clean-shaven. And they vote.)
To: All
Used Google to find this:
ZeroAccess Description
***********************************EXCERPT*********************************************
ZeroAccess is a rootkit that uses advanced techniques to conceal itself and thwart your PC security software. Afterwards, ZeroAccess may also be used to open a backdoor on your system in the fashion of a backdoor Trojan. As is true of other rootkits that SpywareRemove.com malware researchers have analyzed, ZeroAccess has negligible symptoms of its activities, although you may be able to find ZeroAccess by watching for malfunctions in your anti-malware and security programs. ZeroAccess has been updated several times throughout its life and is sufficiently advanced and potentially damaging that only specialized and up-to-date anti-malware programs should be used to delete any ZeroAccess infection on your PC. Refraining from doing so will leave your computer open to attack by criminals and other forms of harmful software, and can cause loss of private information or destruction of files on your PC.
The Hidden ZeroAccess Threat to Your Computer
ZeroAccess is considered a highly sophisticated kernel mode rootkit due to its use of multiple methods to obscure itself and attack programs that could find or remove ZeroAccess and similar rootkits. Although ZeroAccess isn't considered quite as advanced as a TDL3 Rootkit, it remains comparable to such rootkits (including Rootkit.Boot.Mybios.a, TDSS.e!rootkit, TDSS Rootkit and Rootkit.Win32.Agent.bhnc) in terms of potential damage to your PC.
Since SpywareRemove.com malware researchers have found that ZeroAccess, like many other rootkits, prefers to load itself without an independent process that can be seen and shut down, you may not be able to tell when ZeroAccess is active unless its related attacks give off visible signals, such as browser hijacks, system slowdown or visibly-altered network settings.
However, the attack that ZeroAccess is most well-known for is its ability to shut down any program that engages in behavior that ZeroAccess feels would be a threat to ZeroAccess. This includes most forms of standard system scans that are used by anti-malware and security programs. Since ZeroAccess has received multiple updates since its origin in July of 2011, keeping your anti-malware software equally up-to-date is important for removing ZeroAccess.
You may also be able to infer the existence of ZeroAccess by noting the presence of related PC infections, particularly dropper Trojans. These Trojans, such as Trojan-Downloader.Agent-BFJ, Trojan-Dropper.Win32.Delf.br, Trojan-dropper.win32.VB.agtq, Trojan-Dropper.Win32.HDrop.apo or Trojan-Downloader.Agent-FCX can install ZeroAccess and may also install spyware, ransomware Trojans, worms or other PC threats.
39 posted on 09/03/2012 12:27:07 PM PDT by Ernest_at_the_Beach ((The Global Warming Hoax was a Criminal Act....where is Al Gore?))
Continuing.....looks like detection is free....but removal is for a fee:
************************************
Why ZeroAccess is a Great Big Zero for Your Computer's Safety
Besides its notable security program-disabling traits, any particular ZeroAccess variant may also possess any or all of the following attributes:
- In all instances that SpywareRemove.com malware experts have observed thus far, ZeroAccess chooses a system driver to infect for its base of operations. This allows ZeroAccess to launch without your consent and makes it extremely difficult to remove ZeroAccess, which can restore itself even when partially deleted. Improper removal of ZeroAccess is almost certain to cause harm to your operating system, which is why the use of a dedicated anti-malware program to delete ZeroAccess is strongly encouraged.
- ZeroAccess may be used to steal private information. This can include account login data or passwords, Social Security numbers, credit card numbers or even all keyboard input, monitor output and webcam footage.
- ZeroAccess may install other types of harmful programs onto your PC just as a standard dropper Trojan would do; these programs can include Remote Administration Tools, worms, viruses and many other forms of malicious software.
- ZeroAccess may allow remote criminals to access and control your PC; the level of control that ZeroAccess potentially can allow to a criminal may be effectively unlimited.
- Your system may also experience undesirable setting changes while ZeroAccess is on your PC. While open network ports and exceptions added to your firewall are the most likely changes, ZeroAccess may also cause any number of other alterations, such as concealing files, hijacking your browser or changing your desktop image.
Confirmed aliases for ZeroAccess include
Dropper.Sirefef.B, Generic Dropper!dvy and Trojan-Dropper.Win32.Sireref.b.
ZeroAccess Automatic Detection Tool (Recommended)
Why can't I open any program including SpyHunter? You may have a malware file running in memory that kills any programs that you try to launch on your PC. Tip: Download SpyHunter from a clean computer, copy it to a USB thumb drive, DVD or CD, then install it on the infected PC and run SpyHunter's malware scanner.
Is your PC infected with ZeroAccess? To safely & quickly detect ZeroAccess, we highly recommend you run the malware scanner listed below.
*SpyHunter's free version is only for malware detection. If SpyHunter detects malware on your PC, you will need to purchase SpyHunter's malware tool to remove the malware threats.
40 posted on 09/03/2012 12:37:05 PM PDT by Ernest_at_the_Beach ((The Global Warming Hoax was a Criminal Act....where is Al Gore?))
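The excerpt in the last two posts describes ZeroAccess only in general terms: it runs without a process of its own, infects a system driver, kills security programs, and tends to leave open ports and firewall exceptions behind. The script below is an added example for this thread, not code from SpywareRemove, Microsoft or any poster, and it carries no ZeroAccess signature. It checks exactly those generic traces on a Windows host: kernel drivers whose file on disk no longer verifies, enabled inbound firewall allow rules, listening TCP sockets with the image behind each, and security-related services that are not running. The service names, WMI class, COM object and registry-free checks used are standard Windows ones; the interpretation of a hit is up to the analyst.

```powershell
# Added example for this thread (not from SpywareRemove, Microsoft or any
# poster). Looks for the generic traces the excerpt attributes to ZeroAccess:
# a kernel driver altered on disk, firewall exceptions and listening ports
# nobody added on purpose, and security-related services that are stopped.
# None of these identifies ZeroAccess by itself; each hit is a lead to compare
# against a known-clean build of the same image. A kernel-mode rootkit can hide
# from the running OS, so an empty report is weak evidence; an offline scan
# from clean boot media is stronger. Run elevated.

# --- 1. Kernel drivers whose on-disk file does not verify -------------------
# Caveat: on Windows 7 / PowerShell 2.0, Get-AuthenticodeSignature ignores
# catalog signatures, so many genuine Microsoft drivers report NotSigned there;
# diff this list against a clean machine rather than treating each row as bad.
Get-WmiObject Win32_SystemDriver | Where-Object { $_.PathName } | ForEach-Object {
    $path = $_.PathName -replace '^\\\?\?\\', ''            # strip \??\ prefix
    $path = $path -replace '^\\SystemRoot', $env:SystemRoot  # NT path -> Win32 path
    if (Test-Path -LiteralPath $path) {
        $sig = Get-AuthenticodeSignature -FilePath $path
        if ($sig.Status -ne 'Valid') {
            '{0,-18} {1,-12} {2}' -f $_.Name, $sig.Status, $path
        }
    }
}

# --- 2. Enabled inbound allow rules in Windows Firewall ---------------------
# HNetCfg.FwPolicy2 is the COM API behind Windows Firewall with Advanced
# Security (Vista and later). Direction 1 = inbound, Action 1 = allow.
# Rules whose ApplicationName points outside Program Files / Windows, or at a
# file that no longer exists, deserve a closer look.
$fw = New-Object -ComObject HNetCfg.FwPolicy2
$fw.Rules |
    Where-Object { $_.Enabled -and $_.Direction -eq 1 -and $_.Action -eq 1 } |
    Select-Object Name, ApplicationName, Protocol, LocalPorts |
    Sort-Object ApplicationName | Format-Table -AutoSize

# --- 3. Listening TCP sockets and the image behind each ---------------------
netstat -ano | ForEach-Object {
    if ($_ -match '^\s*TCP\s+(\S+)\s+\S+\s+LISTENING\s+(\d+)\s*$') {
        $owner = Get-Process -Id ([int]$Matches[2]) -ErrorAction SilentlyContinue
        $image = if ($owner -and $owner.Path) { $owner.Path } else { '(no image path)' }
        '{0,-24} PID {1,-6} {2}' -f $Matches[1], $Matches[2], $image
    }
}

# --- 4. Services security tooling relies on that are not running ------------
# MpsSvc = Windows Firewall, WinDefend = Windows Defender, wscsvc = Security
# Center, wuauserv = Windows Update, BITS = transfer service used by updates.
$wanted = 'MpsSvc', 'WinDefend', 'wscsvc', 'wuauserv', 'BITS'
Get-Service |
    Where-Object { $wanted -contains $_.Name -and $_.Status -ne 'Running' } |
    Select-Object Name, DisplayName, Status
```

Keep the script on removable media prepared on a clean machine, as the excerpt suggests for its own tool, and save the output to that media as well; on a box where every new process is being killed, the fact that the script itself dies is already a finding. Treat the results as a triage list for deciding whether to rebuild, which is what the earlier post recommends for a confirmed rootkit.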