Disable Java NOW, Friends

[2gunsup]

It's that time again,

01-10-13 Exploit​

A previously unknown and currently unpatched security hole in the latest version of the Java software framework is under attack online, according to security researchers and bloggers.

Attack code that exploits vulnerability in Java's browser plugin has been added to the Blackhole, Cool, Nuclear Pack, and Redkit exploit kits, according to the Malware Don't Need Coffee blog, prompting its author to say that the bug is being "massively exploited in the wild." Miscreants use these products to turn compromised websites into platforms for silently installing keyloggers and other types of malicious software on the computers of unsuspecting visitors. KrebsOnSecurity reporter Brian Krebs said the curators of both Blackhole and Nuclear Pack have taken to the underweb to boast of the addition to their wares. It's not yet clear how many websites have been outfitted with the exploits.

According to researchers at Alienvault Labs, the exploits work against fully patched installations of Java. Attack files are highly obfuscated and are most likely succeeding by bypassing security checks built in to the program. KrebsOnSecurity said the malware authors say the exploits work against all versions of Java 7.

Update: Analysis from antivirus provider Kaspersky Lab indicates the exploits are already deployed on a variety of websites.

"There appears to be multiple ad networks redirecting to Blackhole sites, amplifying the mass exploitation problem," Kaspersky Lab expert Kurt Baumgartner wrote. "We have seen ads from legitimate sites, especially in the UK, Brazil, and Russia, redirecting to domains hosting the current Blackhole implementation delivering the Java 0day. These sites include weather sites, news sites, and of course, adult sites."

People who don't use Java much should once again consider unplugging Java from their browser, while those who don't use it at all may want to uninstall it altogether. The release notes for Java 7 Update 10—the most recent version—say users can disable the program from the browser by accessing the Java Control Panel. KrebsOnSecurity has instructions here for other ways to do this.

Source

Windows Removal Instructions​

Spoiler

Windows 7 and Vista users can go to Control Panel -> Programs. Older versions of Windows will be under Control Panel -> Add/Remove Programs.

Find Java in the Program list, highlight it and choose Uninstall. Windows will prompt you to confirm. Say yes.

You can confirm that Java is no longer installed by visiting http://java.com. Click "Do I have Java?" Click verify and confirm that it says "No working Java was detected on your system."

Chrome Disable Instructions​

Spoiler

• Open Chrome and type chrome://plugins into the location bar.
• Click Disable underneath the Java plugin.

08-28-12 Exploit
​

Spoiler

A new browser-based exploit for a Java vulnerability that allows attackers to execute arbitrary code on client systems has been spotted in the wild – and because of Oracle's Java patch schedule, it may be some time before a fix becomes widely available.

The vulnerability is present in the Java Runtime Environment (JRE) version 1.7 or later, Atif Mushtaq of security firm FireEye reported on Sunday, while PCs with Java versions 1.6 or earlier installed are not at risk.

The vulnerability allows attackers to use a custom web page to force systems to download and run an arbitrary payload – for example, a keylogger or some other type of malware. The payload does not need to be a Java app itself.

In the form in which it was discovered, the exploit only works on Windows machines, because the payload that it downloads is a Windows executable. But the hackers behind the Metasploit penetration testing software say they have studied the exploit and found that it could just as easily be used to attack machines running Linux or Mac OS X, given the appropriate payload.

All browsers running on these systems were found to be vulnerable if they had the Java plugin installed, including Chrome, Firefox, Internet Explorer, Opera, and Safari.

Although the actual source of the exploit is not known, it was originally discovered on a server with a domain name that resolved to an IP address located in China. The malware it installed on compromised systems attempted to connect to a command-and-control server believed to be located in Singapore.

Oracle has yet to comment on the vulnerability or when users should expect a fix, but it might be a while. The database giant ordinarily observes a strict thrice-annual patch schedule for Java, and the next batch of fixes isn't due until October 16.

Downgrading to an earlier version of Java is not advised, because even though earlier versions aren't vulnerable to this particular exploit, they may contain other bugs that expose still other vulnerabilities.

In advance of any official patch, and because of the seriousness of the vulnerability, malware researchers at DeepEnd Research have developed an interim fix that they say seems to prevent the rogue Java code from executing its payload, although it has received little testing.

Because the patch could be used to develop new exploits if it fell into the wrong hands, however, DeepEnd Research is only making it available by individual request to systems administrators who manage large numbers of clients for companies that rely on Java.

For individual users, the researchers say, the best solution for now is to disable the Java browser plugin until Oracle issues an official patch. ®

Source

For Chrome you just need to point your browser to chrome://plugins/ and disable Java. I completely uninstalled that bullshyt from my system though. Ain't bout to catch aids.

 

[villain]

NoScriptin it right now so any java trynna run gotta get approved by me first

 

[WaveCapsByOscorp™]

*uses a mac*

 

[2gunsup]

*uses a mac*

But the hackers behind the Metasploit penetration testing software say they have studied the exploit and found that it could just as easily be used to attack machines running Linux or Mac OS X, given the appropriate payload.

 

[Takerstani]

I *just* re-enabled it a couple of weeks ago. I use Noscript, too, but I just went ahead and disabled it. It's always been a security risk, which is why I turned it off in the 1st place.

 

[Ice Cold]

thanks for the heads up

 

[HookersandIceCream]

Fukk disabling it

*throws the laptop in the bushes*

 

[truemaster]

Done!!

 

[Squirtle]

So uninstall this or hackers get my info?

 

[STAN JONES]

I don't have 1.7 so I'm good

 

[MidniteJay]

I don't have 1.7 so I'm good

The vulnerability is present in the Java Runtime Environment (JRE) version 1.7 or later

Don't fukk with your life, son...

 

[STAN JONES]

Don't fukk with your life, son...

I never updated my java since I got this laptop plus I got noscript so I'm good breh

 

[MidniteJay]

fukk. PS3 Media Server requires Java Runtime Enironment 7.0 to work. Ain't that a bytch...

 

[FloorGeneral]

fukk. PS3 Media Server requires Java Runtime Enironment 7.0 to work. Ain't that a bytch...

PS3 Media Server is an application. For this flaw, they exploit it thru a web browser. Just turn Java off in whatever browser(s) you use, and you'll be fine. I've had Java turned off in my browsers for awhile now, so no worries over here.

 

[MidniteJay]

PS3 Media Server is an application. For this flaw, they exploit it thru a web browser. Just turn Java off in whatever browser(s) you use, and you'll be fine. I've had Java turned off in my browsers for awhile now, so no worries over here.

Thanks.

Article had a nikka panicking deleting everything