A serious new vulnerability notice about Java exploits has been issued by the Department of Homeland Security’s Cybersecurity Division. Java 7 Update 10 and earlier contain a vulnerability that can allow a remote attacker to execute malware on vulnerable systems.
A French researcher called Kafeine discovered that a number of websites using the exploit are able to download files directly to the victim’s computer, and execute actions such as installing ransomware. “Hundreds of thousands of hits daily where i found it,” he wrote on his blog. “This could be a mayhem.”
Disable Java in web browsers
Some webpages may include content or apps that use the Java plug-in. There is no fix for this yet, so it is recommended that you protect yourself by disabling Java in your particular browser. Please see our previous blog How do I disable Java in my browser for instructions.
For a higher level of security, it is possible to entirely prevent any Java apps from running in a browser by de-selecting Enable Java content in the browser in the Java Control Panel under the Security tab. Disabling Java through the Java Control Panel will disable Java in all browsers.
Security experts agree that enterprise security is growing more complex this year with the continued development and growth of big data, mobile useage, BYOD (bring-your-own-device), and cloud computing. The impact that malware had across the financial and business sectors in 2012 even have IT pros rethinking traditional models of security.
Jonathan Penn, Avast Software’s Direct of Strategy, looks at some of the security trends that will put pressure on IT professionals in 2013.
Mobile as an attack vector
As business use of smartphones and tablets increases, attackers will target your employees’ mobile devices; not to compromise the device itself, but to gain entry into your corporate IT environment for purposes of data theft.
Big Data = Big Target
Many “big data” analytic efforts are maturing, and with that they are starting to migrate to the cloud and are being opened up to use by 3rd party partners. All this means more opportunity for inappropriate access and compromise of treasure troves of data.
Growth in security outsourcing
Use of managed security services (MSS) is an ever-expanding trend, but is being further propelled by corporate BYOD challenges and by advances in security analytics that bolster the case for having MSSPs monitor your IT environment for signs of attack.
Shift in endpoint security perspectives
IT security professionals look at iPhone and iPads and wish that their corporate systems could be as trustworthy. While there are many reasons why you can’t draw an equivalence between Windows and iOS, we will start so see organizations try to bridge this gap by shifting to a more “default-deny” attitude. In 2013, we will see notable strides in enterprise use of application whitelisting, virtualization and sandboxing, and other techniques that either assume programs are malicious unless proven otherwise or simply isolate them as a just-in-case measure.
As a malware analyst, I sometimes have to deal with files, which cannot be classified as computer virus or malware, but their behavior when executed by user is still considered unwanted or suspicious. In this blogpost, we will look at an adware downloader. It comes in two different versions, one tiny – having only about 17KB and being written in .NET, and the other one bigger, using getrighttogo downloader builder. In user’s computer, downloader was found in the following directory.
C:\Documents and Settings\Administrador\Meus documentos\Downloads\filme(1).exe
Users’ computer got infected via one of many sites similar to following ones – websites offering to download movies. After clicking on download links, .exe files were offered to download.
Figure 1 – Example of site the downloader was originally downloaded from
Last month we wrote about a flaw in Microsoft’s Internet Explorer that could allow cybercrooks to take control of a Windows-based computer if the user browses to a malicious website. The website making news for that attack was the US-based think tank, the Council on Foreign Relations (CFR). Avast Virus Lab has since discovered that two Chinese human rights sites, a Hong Kong newspaper site, a Russian science site, and weirdly, a Baptist website (see the recent tweet) are also infected with the Flash exploit of IE8.
You can imagine the interesting audience that frequents sites such as these. The CFR, for example, attracts high ranking government officials including former presidents and secretaries of state, ambassadors, journalists, and leaders of industry. These sites were chosen on purpose; instead of targeting the general masses, like in a phishing attack, the perpetrators of a so-called “watering hole attack” target specific topics like defense or energy and lie in wait for persons of interest to visit, similar to a predator at a watering hole waiting for its victims to come to it. Read more…
At the end of November 2012, AVAST launched our Free for Education program, giving business-grade antivirus protection to schools, universities, school districts, libraries, and other education institutions in the USA – for free. I have to say… things are going really well (Albeit there is one unbelievable “but”…) Read more…
A flaw in Microsoft’s Internet Explorer (IE) 6, 7 and 8 could allow hackers to take control of a Windows-based computer if the user browses to a malicious website. Security Advisory 2794220 was issued over the weekend and soon after a team blog reported that, “We are only aware of a very small number of targeted attacks at this time. This issue allows remote code execution if users browse to a malicious website with an affected browser. This would typically occur by an attacker convincing someone to click a link in an email or instant message.”
Microsoft has made a temporary fix available for the zero-day vulnerability until it can deliver a formal patch.
Be particularly careful if you are using versions 6, 7 or 8 of the IE browser. Versions 9 and 10 are not affected by the vulnerability. Check which version of IE you’re running by opening IE, click the Help question mark icon on the right and choose About Internet Explorer. To upgrade an older version of IE, go to Start > Control Panel > Windows Update.
We recommend switching browsers for a more secure one like Google Chrome. In addition to being more secure than IE 8, it is also faster and supports HTML 5, giving you a better browsing experience. Download free Google Chrome here.