fcukdat Warrior Addict

Joined: 01 Jan 2005 Last Visit: 08 Apr 2009 Posts: 757 Location: Yeovil,England.
|
Posted: Sun Nov 20, 2005 3:46 am Post subject: Sun Java exploit=Vundo/Winfixer/Virtumonde |
|
|
For attention of all Sun Java users
A very recently discovered exploit by our very own Calamity Jane
has riddled a lot of PCs recently>>>
Sun Java update exploit=Vundo/Winfixer/Virtumonde infection
http://www3.dslreports.com/forum/remark,14738046~start=0
In short>>>
If you have Sun Java on your PC, check the Add/Remove software part of Control Panel to see which version(s) you have installed.
The only one required is the latest version 1.5.0_06
Download here>>>
http://www.java.com/en/download/manual.jsp
All others should be uninstalled immediately since they are at risk from this recently discovered exploit and also surplus to requirement.

Editorial Note by CalamityJane: I did not "discover" this vulnerability - I've just been spreading the word. Two fellow MS MVPs (Steve Wechsler aka MowGreen & Sandi Hardmeier) have been after Sun Microsystems on this since last February 2005. Sun acknowledged back then that older (vulnerable) versions on a system can be called up by Malware and exploit the system, but have failed to do anything about it to date

_________________ Malware hunter....Got Bot ?
MIRT Handler >>>
http://www.castlecops.com/c55-MIRT.html |
fcukdat Warrior Addict

Joined: 01 Jan 2005 Last Visit: 08 Apr 2009 Posts: 757 Location: Yeovil,England.
|
Posted: Mon Nov 21, 2005 11:39 am Post subject: Which version do i have,which do i need ? |
|
|
Just to clarify about older versions of Sun Java,
They will appear in the control panel>>>add/remove as/or like
J2SE Runtime Environment 5.0 - 97.99Mb
J2SE Runtime Environment 5.0 Update 2 - 143.00Mb
J2SE Runtime Environment 5.0 Update 4 - 144.00Mb
J2SE Runtime Environment 5.0 Update 5 - 151.00Mb
Java 2 Runtime Environment, SE v1.4.2_04 - 130.00Mb
or as illustrated here
It is crucial to stress that all versions need to be uninstalled with the exception of the latest version 1.5.06 which will be listed in the Add/Remove as
J2SE Runtime Environment 5.0 Update 6

_________________ Malware hunter....Got Bot ?
MIRT Handler >>>
http://www.castlecops.com/c55-MIRT.html |
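
The Add/Remove check described in the posts above can be scripted. The PowerShell below is an added example, not something posted in the thread; it assumes the runtimes are registered under the standard Uninstall registry keys and uses the display names quoted in the thread. The function name `Get-JavaRuntimeEntry` and the `$Keep` variable are made up for this illustration.

```powershell
# Added example: list Sun Java runtimes from the Uninstall registry keys (the data
# behind Add/Remove Programs) and flag every entry except the one to keep.

# Display name of the only version the thread says to keep (taken from the thread).
$Keep = 'J2SE Runtime Environment 5.0 Update 6'

# Native and 32-bit-on-64-bit views of the Uninstall key.
$roots = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*'
)

# Name prefixes taken from the entries quoted in the thread.
$javaPattern = '^(J2SE Runtime Environment|Java 2 Runtime Environment)'

function Get-JavaRuntimeEntry {
    param([string[]]$Path, [string]$Pattern, [string]$KeepName)

    Get-ItemProperty -Path $Path -ErrorAction SilentlyContinue |
        Where-Object { $_.DisplayName -match $Pattern } |
        ForEach-Object {
            [pscustomobject]@{
                DisplayName     = $_.DisplayName
                DisplayVersion  = $_.DisplayVersion
                Action          = if ($_.DisplayName -eq $KeepName) { 'keep' } else { 'uninstall' }
                # Shown so a missing installer (.msi) can be spotted before uninstalling.
                UninstallString = $_.UninstallString
            }
        }
}

$entries = @(Get-JavaRuntimeEntry -Path $roots -Pattern $javaPattern -KeepName $Keep)
$entries | Sort-Object DisplayName | Format-Table -AutoSize -Wrap

# Warn when the version to keep is not installed at all.
if (-not ($entries | Where-Object { $_.Action -eq 'keep' })) {
    Write-Warning "No entry named '$Keep' was found."
}
```

The script only reports; removal is still done through Add/Remove or the listed uninstall command.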
fcukdat Warrior Addict

Joined: 01 Jan 2005 Last Visit: 08 Apr 2009 Posts: 757 Location: Yeovil,England.
|
Posted: Sun Nov 27, 2005 3:45 am Post subject: FAO victims of the Vundo/Winfixer/Virtumonde infection |
|
|
*Additional Variant removal update
It has been found that some variants can be removed by Webroot SpySweeper that the Symantec removal tool is ineffective against.
SpySweeper is available on a 14-day free trial and can be downloaded from>>>
http://majorgeeks.com/Spy_Sweeper_d3263.html
*Remember it is still crucial to post a HJT log for inspection since other malware may still be on your system
 _________________ Malware hunter....Got Bot ?
MIRT Handler >>>
http://www.castlecops.com/c55-MIRT.html |
thejynxed Warrior

Joined: 09 Nov 2004 Last Visit: 14 Oct 2007 Posts: 89 Location: Pennsylvania
|
Posted: Sun Nov 27, 2005 3:55 am Post subject: |
|
|
I tried removing previous versions and get an odd "Installer not found" error. _________________ "I stab thee with a rusty spork."
fcukdat Warrior Addict

Joined: 01 Jan 2005 Last Visit: 08 Apr 2009 Posts: 757 Location: Yeovil,England.
|
Posted: Sun Nov 27, 2005 4:22 am Post subject: |
|
|
| thejynxed wrote: |
| I tried removing previous versions and get an odd "Installer not found" error. |
I've tried searching the Sun Java website for help and this is what I could locate relating to removing the software>>>
http://www.java.com/en/download/help/5000010800.xml
If you know how to manually remove software, you could always remove all versions by manual means + registry cleaner and then go and download the most recent version.
Or alternatively contact Sun Java for assistance.
HTH

_________________ Malware hunter....Got Bot ?
MIRT Handler >>>
http://www.castlecops.com/c55-MIRT.html |
thejynxed Warrior

Joined: 09 Nov 2004 Last Visit: 14 Oct 2007 Posts: 89 Location: Pennsylvania
|
Posted: Sun Nov 27, 2005 5:31 am Post subject: |
|
|
I just used jv16powertools to do it. Windows Add/Remove kept looking for an .msi file, couldn't find it, etc. etc. Powertools had no trouble removing the software. Go figure. _________________ "I stab thee with a rusty spork."
fcukdat Warrior Addict

Joined: 01 Jan 2005 Last Visit: 08 Apr 2009 Posts: 757 Location: Yeovil,England.
|
Posted: Wed Nov 30, 2005 11:21 am Post subject: |
|
|
Sun Java have updated their warning for this exploit to Critical>>>
http://secunia.com/advisories/17748/
But they still will not recommend people remove earlier versions.
A suggestion to any victims of WinFixer/Vundo/Virtumonde who have earlier versions of Sun Java software and more than probable victims of this exploit on their PC would be to contact the company and thank them for your infection

_________________ Malware hunter....Got Bot ?
MIRT Handler >>>
http://www.castlecops.com/c55-MIRT.html |
Webroot_SS Malware Expert

Joined: 09 Feb 2005 Last Visit: 13 Feb 2008 Posts: 52
|
Posted: Wed Nov 30, 2005 12:51 pm Post subject: Re: FAO victims of the Vundo/Winfixer/Virtumonde infection |
|
|
| fcukdat wrote: |
*Additional Variant removal update
It has been found that some variants can be removed By Webroot SpySweeper that the Symantec removal tool is ineffective against.
SpySweeper is available on a 14day free trial and can be downloaded from>>>
http://majorgeeks.com/Spy_Sweeper_d3263.html
*Remember it is still crucial to post a HJT log for inspection since other malware may still be on your system
 |
Spy Sweeper should be getting most if not all known variants of this.
If you happen to have a Vundo/Winfixer/Virtumonde infection that Spy Sweeper is not able to remove, please contact Webroot support and we will gather the files needed and update our definitions.
http://support.webroot.com/ics/support/default.asp?deptID=776 |
CalamityJane Site Admin

Joined: 05 Feb 2004 Last Visit: 22 Sep 2009 Posts: 1020 Location: Central Florida, USA
|
Posted: Wed Nov 30, 2005 6:32 pm Post subject: Re: FAO victims of the Vundo/Winfixer/Virtumonde infection |
|
|
| Webroot_SS wrote: |
| fcukdat wrote: |
*Additional Variant removal update
It has been found that some variants can be removed By Webroot SpySweeper that the Symantec removal tool is ineffective against.
SpySweeper is available on a 14day free trial and can be downloaded from>>>
http://majorgeeks.com/Spy_Sweeper_d3263.html
*Remember it is still crucial to post a HJT log for inspection since other malware may still be on your system
 |
Spy Sweeper should be getting most if not all known variants of this.
If you happen to have a Vundo/Winfixer/Virtumonde infection that Spy Sweeper is not able to remove, please contact Webroot support and we will gather the files needed and update our definitions.
http://support.webroot.com/ics/support/default.asp?deptID=776 |
True, it does! And thanks for your efforts on battling this infection Webroot
We also have a free "fix tool" by spyware expert Atribune that can remove it with assistance from a Spyware Warrior removal helper in the forums _________________ Microsoft MVP 2003-2008, Windows - Security |
fcukdat Warrior Addict

Joined: 01 Jan 2005 Last Visit: 08 Apr 2009 Posts: 757 Location: Yeovil,England.
|
Posted: Wed Nov 30, 2005 11:29 pm Post subject: Update 6 released |
|
|
Sun Java, within 24hrs of releasing security patches, have now released software updates
http://java.sun.com/j2se/1.5.0/download.jsp
The madness still continues since Sun are still not instructing people to uninstall the earlier vulnerable versions from people's PCs.
Thanks CJ for additional info supplied, it's plain madness to think that this exploit has been known of since Feb 2005 and yet Sun take no effective action
| Quote: |
| Editorial Note by CalamityJane: I did not "discover" this vulnerability - I've just been spreading the word. Two fellow MS MVPs (Steve Wechsler aka MowGreen & Sandi Hardmeier) have been after Sun Microsystems on this since last February 2005. Sun acknowledged back then that older (vulnerable) versions on a system can be called up by Malware and exploit the system, but have failed to do anything about it to date |
_________________ Malware hunter....Got Bot ?
MIRT Handler >>>
http://www.castlecops.com/c55-MIRT.html |
Nick Site Admin

Joined: 27 Feb 2004 Last Visit: 28 Aug 2012 Posts: 3913 Location: California
|
Posted: Sat Dec 10, 2005 11:48 pm Post subject: |
|
|
Edited first post to reflect that 1.5.0_06 is the current version of java. _________________ Nick's Security Ticker
fcukdat Warrior Addict

Joined: 01 Jan 2005 Last Visit: 08 Apr 2009 Posts: 757 Location: Yeovil,England.
|
Posted: Sun Dec 11, 2005 11:01 am Post subject: |
|
|
| Nick wrote: |
| Edited first post to reflect that 1.5.0_06 is the current version of java. |
Thanks Nick, can you also edit my 3rd post (last line) to show new most recent version

_________________ Malware hunter....Got Bot ?
MIRT Handler >>>
http://www.castlecops.com/c55-MIRT.html |