Free Republic
Browse · Search
News/Activism
Topics · Post Article

To: SoFloFreeper

My neighbor had ransomware last week and neither malware bytes trend etc scans removed it all. I found it using process explorer and winpatrol (and prayer). Both should come with windows.


After news broke on Thursday that a new Java 0-day vulnerability had been discovered, and was already being included in multiple popular exploit kits, two new important tidbits have come in on Friday. Firstly, this whole fiasco could have been avoided if Oracle had properly patched a previous vulnerability. Furthermore, not only is the vulnerability being exploited in the wild, but it is being used to push ransomware...

We noted yesterday that the two most popular Web threat tools used by hackers to distribute malware, the BlackHole Exploit Kit (BHEK) and the Cool Exploit Kit (CEK), already included the latest Java exploit. Before we dive in to how CEK is already being used to push ransomware, here’s a bit of background information.

Created by the same guy, CEK is the high-end version of BHEK ($10,000 per month versus $1,500 per year). 0-day exploits are first incorporated into the former and only added into the latter once they have been disclosed.

For those who don’t know, ransomware is a very profitable type of threat which restricts access to the computer it infects, spamming the user with prompts that demand a ransom paid for functionality to be reinstated. Access is limited either by encryption or locking the system.

CEK has been used to distribute ransomware before, but now it’s also using this latest Java vulnerability to do so. Trend Micro has detected the exploits in question as JAVA_EXPLOIT.RG and HTML_EXPLOIT.RG, as well as the ransomware payloads as Reveton (TROJ_REVETON.RG and TROJ_REVETON.RJ).

“Reveton is one of the most common ransomware threats in existence today; these lock user systems and show spoofed notifications from local police agencies,” Trend Micro says. “These inform users that to unlock their system, they must pay a fine ranging from $200 to $300.” -http://thenextweb.com/insider/2013/01/11/latest-java-vulnerability-possible-since-oracle-didnt-properly-fix-old-one-now-pushing-ransomware/


Luckily with the latest versions of Java, users who need to keep it active can change a couple of settings to help secure their systems. Go to the Java Control Panel that is installed along with the runtime, and in the Security section uncheck the option to “Enable Java content in the browser,” which will disable the browser plug-in. This will prevent the inadvertent execution of exploits that may be stumbled upon when browsing the Web, and is a recommended setting for most people to do. If you need to see a Java applet on the Web, then you can always temporarily re-enable the plug-in.

The second setting is to increase the security level of the Java runtime, which can also be done in the same Security section of the Java Control Panel. The default security level is Medium, but you can increase this to High or Very High. At the High level, Java will prompt you for approval before running any unsigned Java code, and at the Very High level all Java code will require such approval, regardless of whether or not it is signed.- http://reviews.cnet.com/8301-13727_7-57563567-263/new-malware-exploiting-java-7-in-windows-and-unix-systems/


39 posted on 01/12/2013 7:14:28 AM PST by daniel1212 (Come to the Lord Jesus as a contrite damned+destitute sinner, trust Him to save you, then live 4 Him)
[ Post Reply | Private Reply | To 1 | View Replies ]


To: daniel1212; All
I disabled .. then removed Java about 0900 Eastern and played around with what I usually do.

I found no effect except ...

I don't go to FR as my homepage without logging in and password

I've been in "convenient" setting for FreeRepublic for 14 years and I have never had to re-enter my screen nasme nor password.

I can boot up in the morning, click "Internet" in my start-up, and go immediately to FR, which is my home page .. no log-in etc.

So, being lazy, I re-installed Java, checked up that I have the latest version and shut down, re-booted and I STILL have to log into FR.

I changed my setting to "more convenient" andf it didn't make a difference. NOW, I can't get into FR without logging in and password.

I don't like that.

Can anyone help me on this ?

44 posted on 01/12/2013 7:30:53 AM PST by knarf (I say things that are true ... I have no proof ... but they're true)
[ Post Reply | Private Reply | To 39 | View Replies ]

Free Republic
Browse · Search
News/Activism
Topics · Post Article


FreeRepublic, LLC, PO BOX 9771, FRESNO, CA 93794
FreeRepublic.com is powered by software copyright 2000-2008 John Robinson