Subject: General Tech | March 5, 2013 - 06:26 AM | Tim Verry
Tagged: security, patch, mcrat trojan, Java, exploit
Java developer Oracle recently released a patch to its Java Platform Standard Edition client to address two exploits used by attackers to install the McRAT trojan onto users machines. Specifically, Oracle is issuing the patch for vulnerabilities CVE-2013-1493 and CVE-2013-0809.
The vulnerabilities were related to Java running in a web browser. When users visit a malicious web site with vulnerable versions of Java installed, attackers are able to remote execute the McRAT trojan. That trojan was subsequently used to download additional malware to further compromise the machines in question. According to Oracle, the vulnerability was first discovered on February 1st, 2013 but did not make it in time to be rolled into that month’s scheduled update. As a result, Oracle slated it for inclusion in the Java platform update on April 16, 2013, but reconsidered after seeing exploits using these vulnerabilities in the wild. While servers and standalone Java installations are not affected, consumers will need to apply the patch via Java SE’s automatic updater or by manually installing the patch from this page. Currently, all Java SE versions prior to this patch are affected, including JDK and JRE 7 Update 15, 6 Update 41, and 5.0 Update 40 (or earlier).
Oracle states that the patch is a critically important update, and users should update as soon as possible. If you have not already applied the update (or given up on Java and uninstalled it completely--heh), start up Java and check for updates to grab the patch.
Subject: General Tech | April 5, 2012 - 10:47 PM | Tim Verry
Tagged: apple, OS X, Java, trojan, flashback, botnet
Recently, word of a java bug that allowed malware -- namely a trojan known as “Flashback” -- to sneak onto OS X machines started making its way around the Internet. This piece of malicious code even managed to get its claws into Apple’s OS X operating system. Bit-Tech reports that a Russian anti-virus company known as Dr.Web has identified more than 550,000 OS X computers as taking part in a botnet -- a network of computers executing malicious code in unison, which can be used to DDoS websites, assist in harvesting information, and recruit new members to the nefarious network.
Located primarily in the United States, Canada, and the UK the Flashback trojan infected a number of computers and granted immediate access to the attackers. They estimate 56.6% of the infected computers were located in the US while 19.8% were in Canada and 12.8% where stationed int he UK. This makes for a very widespread infection, and it has taken Apple a few weeks to push out a patch.
If you are reading this on a Mac, don’t panic. Be sure to apply the recent Apple update, and double check that your Java version you are running is Java 6 update 31. Even if you are on a Windows machine, make sure you are using the latest version of Java to keep you as secure as possible. Identifying if you are already affected is a bit tricky, but Digital Trends has posted instructions on how to find out if you are infected and provided links to several methods of virtual bug spray to get rid of the malware.
While this does not suddenly mean OS X is a buggy wasteland full of vulnerabilities as some articles have suggested, it is a gentle (and rather horrid for those that are infected) reminder to be safe out there on the Internet and that a little anti-virus combined with safe browsing habits can go a long way to keeping you safe whether you are a Windows, Mac, or Linux user. Even if it is AV that you only run every now and then and doesn’t run all the time, it can provide a bit of piece of mind by letting you know your system is clean. Also, if you have to use Java, keep it updated along with all your other programs.