
The Official Internet/Computer Security News Discussion Thread

Old 10-19-2010, 01:03 PM
  #1  
Sanest Florida Man
Thread Starter
 
#1 STUNNA's Avatar
 
Join Date: Aug 2007
Location: Florida
Posts: 43,382
Received 10,120 Likes on 6,108 Posts
The Official Internet/Computer Security News Discussion Thread

I've been meaning to make this thread for a while. I'd like this to be where we can discuss the latest trends in malware, phishing attacks, social engineering attacks, etc. Also things to look out for, how to configure your computer to enhance security and where people can come and get help if they need it.
Old 10-19-2010, 01:15 PM
  #2  
Sanest Florida Man
Thread Starter
 
#1 STUNNA's Avatar
 
Join Date: Aug 2007
Location: Florida
Posts: 43,382
Received 10,120 Likes on 6,108 Posts
First up, MS found that Java exploits are greatly on the rise!



| CVE | Attacks | Computers | Description |
|---|---:|---:|---|
| CVE-2008-5353 | 3,560,669 | 1,196,480 | A deserialization issue in vulnerable versions of JRE (Java Runtime Environment) allows remote code execution through Java-enabled browsers on multiple platforms, such as Microsoft Windows, Linux, and Apple Mac OS X. |
| CVE-2009-3867 | 2,638,311 | 1,119,191 | Another remote code execution, multi-platform issue caused by improper parsing of long file:// URL arguments. |
| CVE-2010-0094 | 213,502 | 173,123 | Another deserialization issue, very similar to CVE-2008-5353. |

Which if I borrow from Alex2364 here's a screenshot of MSE on his PC



Now luckily if you've been updating your Java you're ok cause these have all been patched

I was on my brother's PC a couple days ago and saw some of the similar exploits, I'm not sure if they were successful or not cause they were in protected mode but I don't think he'd updated his Java in a while.

Just a reminder to update your third party software (flash, java, reader) cause it's now become the main point of attack instead of Windows.

I recommend going to www.ninite.com, clicking on java, flash and reader and letting it update it for you.

http://blogs.technet.com/b/mmpc/arch...-the-java.aspx

Last edited by #1 STUNNA; 10-19-2010 at 01:21 PM.
Old 10-19-2010, 01:53 PM
  #3  
Suzuka Master
iTrader: (4)
 
EL19's Avatar
 
Join Date: Nov 2006
Location: DC
Age: 37
Posts: 5,340
Received 193 Likes on 150 Posts
good info!
Old 10-19-2010, 01:53 PM
  #4  
Senior Moderator
 
Yumcha's Avatar
 
Join Date: Dec 2001
Posts: 167,238
Received 22,653 Likes on 13,892 Posts
Good thread, Stunna...
Old 10-19-2010, 01:56 PM
  #5  
Go Giants
 
Whiskers's Avatar
 
Join Date: Aug 2004
Location: PA
Age: 52
Posts: 69,901
Received 1,231 Likes on 821 Posts
Been hearing good things about Avast Free.
Old 10-19-2010, 02:09 PM
  #6  
Needs more Lemon Pledge
 
stogie1020's Avatar
 
Join Date: Mar 2005
Location: Phoenix, AZ
Age: 51
Posts: 52,768
Received 2,000 Likes on 1,173 Posts
Old 10-19-2010, 02:17 PM
  #7  
Sanest Florida Man
Thread Starter
 
#1 STUNNA's Avatar
 
Join Date: Aug 2007
Location: Florida
Posts: 43,382
Received 10,120 Likes on 6,108 Posts
Now for a little advice on how to configure Adobe Reader. Reader like most Adobe software is riddled with security holes and they've been getting their ass handed to them as of late on the security front. There are a couple settings you can change that will help this though.

If you open reader and go to preferences (ctrl + k) and
1. click on "Javascript" and turn off javascript.
2. Then go to "Trust Manager" and turn off "Allow opening of non-pdf file attachments with external applications"

Now if you're wondering if you should've had a holy shit WTF moment while reading the last two the answer is yes. By default reader allows javascript aka the java exploits I mentioned above to be run via PDF! As are external applications, so you open a PDF and it runs a malicious exe! WTF! Why does reader need to run java or external applications!?!?

I turned these off a few months ago and I'm glad that I did. Recently I was browsing a shady site and I moused over or accidentally clicked on a flash banner and bam! Reader opens up real fast with a blank PDF and this PDF wants to run Javascript! Luckily I had turned Java off for PDFs and so Reader was waiting for me to approve this PDF to run Java which I of course declined. Then the same thing happened a few days later. I wonder if I had java turned on would that blank empty PDF have even opened or would it have just done its exploit in the background.

As for downsides, I've yet to see a legit PDF prompt me to run Javascript or open an external application. So please do yourself the favor and turn those settings off.
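
A defender-side triage sketch for the two Reader settings in the post above, added here as an example and not part of the original post: it counts the PDF name tokens for JavaScript, auto-run and external-launch actions in a file, decoding `#xx` name escapes first. The sample byte strings are constructed, and names inside compressed object streams are not seen, only hinted at by `/ObjStm`.

```python
import re
import sys

# PDF name tokens behind the two Reader settings in the post, plus auto-run
# triggers and object streams (which can hide any of the others).
RISKY_NAMES = {
    "/JS": "javascript",
    "/JavaScript": "javascript",
    "/Launch": "external-launch",
    "/EmbeddedFile": "attachment",
    "/OpenAction": "auto-run",
    "/AA": "auto-run",
    "/ObjStm": "compressed-objects",
}

# A PDF name is "/" followed by regular characters (no whitespace/delimiters).
NAME_RE = re.compile(rb"/[^\x00\t\n\x0c\r ()<>\[\]{}/%]+")
HEX_ESCAPE_RE = re.compile(rb"#([0-9A-Fa-f]{2})")

# Constructed sample inputs (inert fragments, not complete PDF files).
SAMPLE_SUSPICIOUS = (
    b"%PDF-1.4\n"
    b"1 0 obj\n<< /Type /Catalog /OpenAction 2 0 R >>\nendobj\n"
    b"2 0 obj\n<< /S /J#61vaScript /JS (placeholder) >>\nendobj\n"
    b"3 0 obj\n<< /S /Launch /F (constructed.bin) >>\nendobj\n"
)
SAMPLE_CLEAN = b"%PDF-1.4\n1 0 obj\n<< /Type /Catalog /Pages 2 0 R >>\nendobj\n"


def normalize_name(raw: bytes) -> str:
    """Decode #xx escapes so /J#61vaScript compares equal to /JavaScript."""
    decoded = HEX_ESCAPE_RE.sub(lambda m: bytes([int(m.group(1), 16)]), raw)
    return decoded.decode("latin-1")


def triage_pdf(data: bytes) -> dict:
    """Count risky name tokens in raw PDF bytes; no decompression is done."""
    if b"%PDF-" not in data[:1024]:
        raise ValueError("no %PDF- header in the first 1024 bytes")
    counts, obfuscated = {}, set()
    for match in NAME_RE.finditer(data):
        raw = match.group(0)
        name = normalize_name(raw)
        if name not in RISKY_NAMES:
            continue
        counts[name] = counts.get(name, 0) + 1
        if b"#" in raw:  # escaped spelling of a risky name: worth flagging
            obfuscated.add(name)
    return {
        "names": counts,
        "categories": sorted({RISKY_NAMES[n] for n in counts}),
        "obfuscated": sorted(obfuscated),
    }


if __name__ == "__main__":
    if len(sys.argv) > 1:
        with open(sys.argv[1], "rb") as handle:
            print(triage_pdf(handle.read()))
    else:
        print(triage_pdf(SAMPLE_SUSPICIOUS))
```

A non-empty `categories` list means the file asks for exactly the features the post recommends turning off; an empty one does not prove the file is safe, since stream contents are not inspected.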
Old 10-19-2010, 02:20 PM
  #8  
Three Wheelin'
 
alex2364's Avatar
 
Join Date: Oct 2000
Location: Northern VA
Posts: 1,666
Received 63 Likes on 37 Posts
I feel so special now.
Old 10-19-2010, 02:24 PM
  #9  
Sanest Florida Man
Thread Starter
 
#1 STUNNA's Avatar
 
Join Date: Aug 2007
Location: Florida
Posts: 43,382
Received 10,120 Likes on 6,108 Posts
It might be a good idea for you guys to clean out your java cache since apparently CCleaner doesn't clean that.

You can clean your java cache: in Vista/7 just do a search for "Java", click on the java control panel, click settings for Temp internet files and then choose delete. For XP click control panel and then choose the java control panel, the rest of the steps are the same.
Old 10-19-2010, 02:25 PM
  #10  
5o9
'05 TSX 6MT
 
5o9's Avatar
 
Join Date: Mar 2006
Posts: 623
Likes: 0
Received 0 Likes on 0 Posts
^ Thanks

I could not find a javascript option
Old 10-19-2010, 02:25 PM
  #11  
Sanest Florida Man
Thread Starter
 
#1 STUNNA's Avatar
 
Join Date: Aug 2007
Location: Florida
Posts: 43,382
Received 10,120 Likes on 6,108 Posts
Originally Posted by alex2364
I feel so special now.
yes, you're special! You're 1 out of 6 million that MSE has detected in the past few months. You can add Mizouse and my brother to the list too.
Old 10-19-2010, 02:44 PM
  #12  
Three Wheelin'
 
alex2364's Avatar
 
Join Date: Oct 2000
Location: Northern VA
Posts: 1,666
Received 63 Likes on 37 Posts
Because of this thread, I did a full scan on my computer and it found an "Exploit:Java/CVE-2009-3867.LM". I wonder where I'm getting all these things from.
Old 10-19-2010, 02:57 PM
  #13  
Sanest Florida Man
Thread Starter
 
#1 STUNNA's Avatar
 
Join Date: Aug 2007
Location: Florida
Posts: 43,382
Received 10,120 Likes on 6,108 Posts
You shouldn't have to worry about those because the hole is patched. You have the malicious file but it can't execute cause it doesn't work.

Just like I can have the files for Conficker on my PC but it can't do shit cause Windows 7 isn't vulnerable to it.

But yeah some shady site is trying to fuck up your world
Old 10-19-2010, 03:11 PM
  #14  
Team Owner
 
doopstr's Avatar
 
Join Date: Jan 2001
Location: Jersey
Age: 52
Posts: 25,330
Received 2,049 Likes on 1,135 Posts
You could just buy a mac and skip this thread.
Old 10-19-2010, 03:18 PM
  #15  
Team Owner
 
TS_eXpeed's Avatar
 
Join Date: Jun 2007
Posts: 23,451
Received 54 Likes on 27 Posts

Oh noes! An 'official' thread not started by a mod.

Originally Posted by doopstr
You could just buy a mac and skip this thread.
Old 10-19-2010, 03:22 PM
  #16  
Go Giants
 
Whiskers's Avatar
 
Join Date: Aug 2004
Location: PA
Age: 52
Posts: 69,901
Received 1,231 Likes on 821 Posts
Originally Posted by doopstr
You could just buy a mac and skip this thread.
Old 10-19-2010, 03:27 PM
  #17  
Az User
 
03SSMTL-S's Avatar
 
Join Date: Feb 2005
Location: parts unknown
Age: 45
Posts: 12,488
Received 2,486 Likes on 1,645 Posts
http://www.bleepingcomputer.com/comb...o-use-combofix

COMBOFIX FTW

love this program used it so many times and fixed so many computers
Old 10-19-2010, 03:31 PM
  #18  
Team Owner
 
svtmike's Avatar
 
Join Date: Oct 2003
Location: Chicago
Age: 59
Posts: 37,663
Received 3,863 Likes on 2,030 Posts
Originally Posted by TS_eXpeed

Oh noes! An 'official' thread not started by a mod.
My thoughts exactly. I recommend renaming him to #1 Doucher again though instead of ban-hammering.
Old 10-19-2010, 03:36 PM
  #19  
nnInn
 
jupitersolo's Avatar
 
Join Date: Mar 2006
Posts: 37,670
Received 1,084 Likes on 646 Posts
IIRC it didn't have the "official" in the title when the thread started.
Old 10-19-2010, 03:40 PM
  #20  
Needs more Lemon Pledge
 
stogie1020's Avatar
 
Join Date: Mar 2005
Location: Phoenix, AZ
Age: 51
Posts: 52,768
Received 2,000 Likes on 1,173 Posts
Originally Posted by jupitersolo
IIRC it didn't have the "official" in the title when the thread started.
SHHHHHHhhhhhh!
Old 10-19-2010, 03:46 PM
  #21  
Team Owner
 
svtmike's Avatar
 
Join Date: Oct 2003
Location: Chicago
Age: 59
Posts: 37,663
Received 3,863 Likes on 2,030 Posts
Originally Posted by jupitersolo
IIRC it didn't have the "official" in the title when the thread started.
Old 10-19-2010, 03:47 PM
  #22  
1919
 
Scottman111's Avatar
 
Join Date: Mar 2005
Age: 38
Posts: 21,467
Likes: 0
Received 162 Likes on 134 Posts
Originally Posted by 03SSMTL-S
http://www.bleepingcomputer.com/comb...o-use-combofix

COMBOFIX FTW

love this program used it so many times and fixed so many computers



I've rarely found anything that it couldn't fix, even though sometimes it involved some tweaking.

And always download a new copy when you use it, and only from that link!
Old 10-19-2010, 04:01 PM
  #23  
nnInn
 
jupitersolo's Avatar
 
Join Date: Mar 2006
Posts: 37,670
Received 1,084 Likes on 646 Posts
Originally Posted by stogie1020
SHHHHHHhhhhhh!
Originally Posted by svtmike
Just gotta say he's not THAT stupid.
Old 10-19-2010, 04:04 PM
  #24  
Senior Moderator
 
Ken1997TL's Avatar
 
Join Date: May 2003
Location: Better Neighborhood, Arizona
Posts: 45,634
Received 2,328 Likes on 1,308 Posts
Originally Posted by doopstr
You could just buy a mac and skip this thread.
A deserialization issue in vulnerable versions of JRE (Java Runtime Environment) allows remote code execution through Java-enabled browsers on multiple platforms, such as Microsoft Windows, Linux, and Apple Mac OS X.
Fail..
Old 10-19-2010, 06:12 PM
  #25  
Suzuka Master
 
mcflyguy24's Avatar
 
Join Date: Feb 2007
Location: Oreland, Pa
Age: 41
Posts: 5,846
Received 24 Likes on 20 Posts
Thank you for this thread. I went and turned off all the java shit in reader and had no idea that was how reader was able to get pdf exploits until this. What do you think is better to use AVG free or MSE for security? I don't wanna pay money cos I haven't had any issues with good free anti-virus software lately.
Old 10-19-2010, 06:13 PM
  #26  
Senior Moderator
 
Ken1997TL's Avatar
 
Join Date: May 2003
Location: Better Neighborhood, Arizona
Posts: 45,634
Received 2,328 Likes on 1,308 Posts
Microsoft Security Essentials doesn't noticeably slow down my machine and occasionally picks something up. I browse safe and sane websites though, so your mileage may vary.
Old 10-19-2010, 07:00 PM
  #27  
Team Owner
 
svtmike's Avatar
 
Join Date: Oct 2003
Location: Chicago
Age: 59
Posts: 37,663
Received 3,863 Likes on 2,030 Posts
I use MSE on all of my home computers as well. It's been solid except on my son's XP machine where he managed to contract a virus (he doesn't do a good job of keeping it up to date). It was a quick/easy repair once I killed the infection and updated MSE.
Old 10-20-2010, 12:55 AM
  #28  
Sanest Florida Man
Thread Starter
 
#1 STUNNA's Avatar
 
Join Date: Aug 2007
Location: Florida
Posts: 43,382
Received 10,120 Likes on 6,108 Posts
MSE

And my title didn't originally have the word official in it, yumcha edited the title.

Also yeah the thing with these exploits in 3rd party software is that they're usually cross platform so don't get all high and mighty
Old 10-20-2010, 01:07 AM
  #29  
Sanest Florida Man
Thread Starter
 
#1 STUNNA's Avatar
 
Join Date: Aug 2007
Location: Florida
Posts: 43,382
Received 10,120 Likes on 6,108 Posts
Since I've been on this forum I think I've given pretty much all the tips I've got right now for securing your Computer. Let's review shall we.

1. Block 3rd party cookies which are usually for tracking you and sending you junk mail. This is done in your browser's cookie/content/privacy options. I've noticed in the past few months that I don't get junk email anymore, IDK if it's cause Hotmail really stepped its game up or what but I haven't seen any unsolicited junk hit my inbox in months and I kinda like it.

2. Install MVPS HOSTS File, it blocks ad servers and known servers that serve malware. This leads to a safer, less annoying and faster internet experience. I put a shortcut to rename the HOSTS file on their desktop and have them use it if they encounter a site that causes an issue, which isn't very often. www.mvps.org/winhelp2002/hosts.htm http://www.mvps.org/winhelp2002/hostsfaq.htm#Rename

3. Go to www.ninite.com and install updates for your software, update them when they tell you to.

4. Run MSE, it's the best free AV I've used. Nothing's perfect but I don't really have any complaints about it. www.microsoft.com/security_essentials

5. Use Google Chrome, its sandboxed browser adds another layer of protection, the sandbox even works in XP so it's a definite improvement over any of the competitors not to mention speed and UI. www.google.com/chrome

6. Disable Javascript and prevent PDFs from opening executable files in Adobe Reader. Even if you use Foxit reader or any other 3rd party reader you're still vulnerable to an exe exploit. https://acurazine.com/forums/showpos...20&postcount=7

That's pretty much all the changes I make on a computer to secure it. I've done this on a bunch of computers and I've yet to be called back for a malware infection. I'm not saying it's bulletproof I'm just speaking from my experience so far.

Last edited by #1 STUNNA; 10-20-2010 at 01:14 AM.
Old 10-20-2010, 07:46 AM
  #30  
Go Giants
 
Whiskers's Avatar
 
Join Date: Aug 2004
Location: PA
Age: 52
Posts: 69,901
Received 1,231 Likes on 821 Posts
I make $65 for every virus I clean out....So stop it.
Old 10-20-2010, 08:51 AM
  #31  
Drifting
iTrader: (1)
 
rza49311's Avatar
 
Join Date: Feb 2006
Location: Southern VA
Age: 45
Posts: 3,072
Received 8 Likes on 6 Posts
Originally Posted by #1 STUNNA
Since I've been on this forum I think I've given pretty much all the tips I've got right now for securing your Computer. Let's review shall we.
8. Use common sense(think before you click)...Often overlooked and doesn't require a download or update
Old 10-20-2010, 08:54 AM
  #32  
Unofficial Goat
iTrader: (1)
 
The Dougler's Avatar
 
Join Date: Jul 2006
Location: Toronto
Age: 39
Posts: 15,744
Received 112 Likes on 89 Posts
Thoughts about including other random helpful utilities in this thread or do they warrant their own thread?
Old 10-20-2010, 09:31 AM
  #33  
nnInn
 
jupitersolo's Avatar
 
Join Date: Mar 2006
Posts: 37,670
Received 1,084 Likes on 646 Posts
Originally Posted by rza49311
8. Use common sense(think before you click)...Often overlooked and doesn't require a download or update
99% of the time, the head w/o brains is surfing...
Old 10-20-2010, 10:37 AM
  #34  
1919
 
Scottman111's Avatar
 
Join Date: Mar 2005
Age: 38
Posts: 21,467
Likes: 0
Received 162 Likes on 134 Posts
Originally Posted by rza49311
8. Use common sense(think before you click)...Often overlooked and doesn't require a download or update
Wouldn't that be nice. Seems like a lot of people using their work computers care even less. I really don't know how a company can survive without a web filter.
Old 10-20-2010, 11:01 AM
  #35  
Sanest Florida Man
Thread Starter
 
#1 STUNNA's Avatar
 
Join Date: Aug 2007
Location: Florida
Posts: 43,382
Received 10,120 Likes on 6,108 Posts
Originally Posted by Whiskers
I make $65 for every virus I clean out....So stop it.
isn't it fucked up when you have to go back to client 3 or 4 times!? I have this client who just kept getting viruses, every few months I'd be back over fixing it. Eventually her PC died so I had to rebuild it, I put her on Windows 7, installed MSE and the HOSTS file and I haven't had to go over there for malware since. But there's lots of other fish in the sea.

Originally Posted by rza49311
8. Use common sense(think before you click)...Often overlooked and doesn't require a download or update
I tell people this but I can't enforce it.

Originally Posted by The Dougler
Thoughts about including other random helpful utilities in this thread or do they warrant their own thread?
https://acurazine.com/forums/technology-16/software-tip-week-740534/
Originally Posted by jupitersolo
99% of the time, the head w/o brains is surfing...
Old 10-20-2010, 11:13 AM
  #36  
Drifting
iTrader: (1)
 
rza49311's Avatar
 
Join Date: Feb 2006
Location: Southern VA
Age: 45
Posts: 3,072
Received 8 Likes on 6 Posts
Originally Posted by rza49311
8. Use common sense(think before you click)...Often overlooked and doesn't require a download or update
Originally Posted by jupitersolo
99% of the time, the head w/o brains is surfing...
Originally Posted by Scottman111
Wouldn't that be nice. Seems like a lot of people using their work computers care even less. I really don't know how a company can survive without a web filter.
Originally Posted by #1 STUNNA

I tell people this but I can't enforce it.
:
I think the most annoying one is email. I get calls from people "I'm not sure if this is legit or not" after I've shown them 100 times how to hover over to see the links :sniper:
Old 10-20-2010, 11:14 AM
  #37  
Drifting
iTrader: (1)
 
rza49311's Avatar
 
Join Date: Feb 2006
Location: Southern VA
Age: 45
Posts: 3,072
Received 8 Likes on 6 Posts
Originally Posted by rza49311
8. Use common sense(think before you click)...Often overlooked and doesn't require a download or update
Originally Posted by jupitersolo
99% of the time, the head w/o brains is surfing...
Originally Posted by Scottman111
Wouldn't that be nice. Seems like a lot of people using their work computers care even less. I really don't know how a company can survive without a web filter.
Originally Posted by #1 STUNNA

I tell people this but I can't enforce it.
:
I think the most annoying one is email. I get calls from people "I'm not sure if this is legit or not" after I've shown them 100 times how to hover over to see the links
Old 10-20-2010, 08:03 PM
  #38  
My Member is Registered
 
Cruz_msl's Avatar
 
Join Date: Oct 2003
Location: 2678.51 miles east of California
Posts: 3,545
Received 2 Likes on 2 Posts
Great thread Stunna, thanks
Old 10-20-2010, 08:21 PM
  #39  
Moderator
iTrader: (1)
 
justnspace's Avatar
 
Join Date: Feb 2010
Posts: 86,295
Received 16,260 Likes on 11,971 Posts
Thanks.

*edit

MSE for 64bit win7??
hurry I'm unprotected.

nvm I dled from ninite

Last edited by justnspace; 10-20-2010 at 08:34 PM.
Old 10-20-2010, 09:04 PM
  #40  
Turd Polisher
iTrader: (1)
 
TylerT's Avatar
 
Join Date: Jul 2007
Location: San Diego
Age: 35
Posts: 6,802
Received 3,006 Likes on 1,514 Posts
^ Ninite is awesome, we use it on our deployments.

All great info in this thread, MSE is a great program.


All times are GMT -5.