Posted January 26, 2010 There's a pretty brutal vulnerability in the java JRE < 1.6.0_17 that's being exploited by some people who got themselves onto some of the larger ad networks. You don't have to interact with the ad to get pwned; it just has to load in your browser. There are a few malware packs being injected, and I guess only one of 41 scanners is picking it up ( i don't remember which one, off hand ). If you've recently gotten a popup or driven to a page for weird Anti Virus software, your machine's probably infected. it looks like there was a CVE For this awhile ago http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5353 Share this post Link to post Share on other sites
Posted January 26, 2010 Always wear a condom. (Not what you think it is) Share this post Link to post Share on other sites
Posted January 26, 2010 Wrong CVE link, but the issue is real. Automatic java updates are your friend! (Although, ironically, one of the issues is that the automatic update fails...) Share this post Link to post Share on other sites
Posted January 26, 2010 Automatic java updates are your friend! Or NoScript, at least for Firefox users... Share this post Link to post Share on other sites
Posted January 27, 2010 I guess it's this link http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3874 Share this post Link to post Share on other sites
Posted January 27, 2010 I use an anti script program, and do not allow ANY scripts unless I know what it is, and what it is for / does. As far as that "sandybox" is there something similar, but compatible for 64bit W7? Share this post Link to post Share on other sites
Posted January 28, 2010 As far as that "sandybox" is there something similar, but compatible for 64bit W7? There's a 64-bit version of the latest beta available, as I believe it tells you if you try to install the 32-bit version... Share this post Link to post Share on other sites
Posted January 28, 2010 Or NoScript, at least for Firefox users... Yep, noscript + adblock + noflash ftw. How people can browse the adflashjavanet without them is beyond me. Share this post Link to post Share on other sites
Posted January 28, 2010 Wrong CVE link, but the issue is real. Automatic java updates are your friend! (Although, ironically, one of the issues is that the automatic update fails...) Irony aside, at least when it fails you know there is a new version to go get from java.com. Maybe they should rename it autoremind. Although monthly checks (the default) are probably not frequent enough considering how common java is on the net. I suggest everyone go to their settings and change to daily or weekly. The settings are in windows control panel for XP or older users, for vista or newer, just search java in the start menu search box. Share this post Link to post Share on other sites
