 | reply to justin
Re: asdf.exe / theonion.com
Sorry to take so long. I was (and am) using Sun Java ver. 1.4.2.08. At least 1.4.2.04. I think I d/l'ed an update not too long ago. But I know at the time the file was dropped on my box I was using 1.4.2.04 at least. Strange, it blew into town and then blew out. Who was that masked stranger? btw I turned off Java and Javascript |
|
 | You shouldn't have to turn off Java, at least as long as you've updated. But Javascript -- which is a completely different technology, the name notwithstanding -- has historically had security issues. Security specialists typically suggest disabling Javascript except on trusted sites.
-dave |
|
 | reply to Tuulilapsi I also got infected by the winsp3.exe problem immediately after downloading the newest release of Firefox. I will not take them to task due to the wonderful work they do, but someone has really dropped the ball on this one. Actually, I really hope I'm wrong but at this point, I'm hooped. AVG sees it, so does Trend; neither is effective at removing it, and it shuts down Windows Beta Spyware checker very effectively. |
|
 sybille (Not only "just visiting"; Premium; join: 2004-04-06; France) | said by Justmeagin:
I also got infected by the winsp3.exe problem immediately after downloading the newest release of Firefox.
Which version of Sun Java do you have installed?
Also, since it sounds like you're having trouble removing the infection, you might want to give the steps here a try: »Security »I think my computer is infected or hijacked. What should I do? There are instructions for using a series of different scanners, as well as for what to do if the scanners don't do the job. |
|
 | reply to gruntled2 said by gruntled2 :
You shouldn't have to turn off Java, at least as long as you've updated. But Javascript -- which is a completely different technology, the name notwithstanding -- has historically had security issues. Security specialists typically suggest disabling Javascript except on trusted sites.
-dave
Well, one thing about Java is that any site can bypass the sandbox by signing the applet, and if the user accepts the cert / trusts it by clicking through.
That nailed quite a few people in the past with Firefox.
As for Javascript, it seems that almost every exploit needs it as a launch trigger point, so turning it completely off would give you protection, yes, but might break some sites.
So to get the best of both worlds, you might play with selectively turning off certain JS functions. This is possible in Firefox, Opera and IE. |
|
 | I believe that the sandbox cannot be bypassed by a Java applet, signed or no, except in flawed implementations (that is, this is a bug, not a feature). Updating to current versions should eliminate this issue. |
|
 | said by gruntled2 :
I believe that the sandbox cannot be bypassed by a Java applet, signed or no, except in flawed implementations (that is, this is a bug, not a feature). Updating to current versions should eliminate this issue.
Sun disagrees with you?
quote: JDK 1.1 introduced the concept of a "signed applet", as illustrated by the figure below. In that release, a correctly digitally signed applet is treated as if it is trusted local code if the signature key is recognized as trusted by the end system that receives the applet. Signed applets, together with their signatures, are delivered in the JAR (Java Archive) format. In JDK 1.1, unsigned applets still run in the sandbox.
»java.sun.com/j2se/1.3/docs/guide···oc1.html |
|
 justin (Australian; join: 1999-05-28; New York, NY; kudos: 7) | quote: if the signature key is recognized as trusted by the end system that receives the applet.
The install will default to no trust, asking the user if they want to trust and run the signed applet. |
|
 | said by justin: quote: if the signature key is recognized as trusted by the end system that receives the applet.
The install will default to no trust, asking the user if they want to trust and run the signed applet.
said by RobertLudum: quote:
Well, One thing about Java is that any site can bypass the sandbox by signing the applet, and if the user accepts the cert/ trusts it by clicking through.
Exactly. People nowadays are careful about signed ActiveX; I wonder how many know this for signed Java applets? |
|
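To see who signed an applet's JAR before answering the trust prompt discussed above, the signers of each entry can be listed with the standard `java.util.jar` API. This is an added example, not code from any poster in the thread; the class name `JarSignerReport` and the constructed sample JAR are assumptions, and a listed signer only identifies who signed the archive, not whether the code is safe.

```java
import java.io.IOException;
import java.io.InputStream;
import java.nio.file.*;
import java.security.CodeSigner;
import java.security.cert.X509Certificate;
import java.util.*;
import java.util.jar.*;

public class JarSignerReport {
    // Collects the certificate subject of every signer; unsigned entry names go into `unsigned`.
    static Set<String> signers(Path jar, List<String> unsigned) throws IOException {
        Set<String> subjects = new TreeSet<>();
        try (JarFile jf = new JarFile(jar.toFile(), true)) {          // true = verify signatures
            for (JarEntry e : Collections.list(jf.entries())) {
                if (e.isDirectory() || e.getName().startsWith("META-INF/")) continue;
                try (InputStream in = jf.getInputStream(e)) {
                    in.readAllBytes();  // signers are known only after a full read;
                }                       // a modified signed entry throws SecurityException here
                CodeSigner[] cs = e.getCodeSigners();
                if (cs == null) { unsigned.add(e.getName()); continue; }
                for (CodeSigner s : cs) {
                    // First certificate in the path is the signer's own certificate.
                    X509Certificate c = (X509Certificate) s.getSignerCertPath().getCertificates().get(0);
                    subjects.add(c.getSubjectX500Principal().getName());
                }
            }
        }
        return subjects;
    }

    public static void main(String[] args) throws IOException {
        Path jar = args.length > 0 ? Paths.get(args[0]) : sampleUnsignedJar();
        List<String> unsigned = new ArrayList<>();
        Set<String> subjects = signers(jar, unsigned);
        System.out.println("signed by: " + (subjects.isEmpty() ? "(nobody)" : subjects));
        System.out.println("unsigned entries: " + unsigned);
    }

    // Constructed sample input: a one-entry JAR with no signature.
    static Path sampleUnsignedJar() throws IOException {
        Manifest m = new Manifest();
        m.getMainAttributes().put(Attributes.Name.MANIFEST_VERSION, "1.0");
        Path p = Files.createTempFile("sample", ".jar");
        try (JarOutputStream out = new JarOutputStream(Files.newOutputStream(p), m)) {
            out.putNextEntry(new JarEntry("Demo.class"));
            out.write(new byte[] {(byte) 0xCA, (byte) 0xFE, (byte) 0xBA, (byte) 0xBE});
            out.closeEntry();
        }
        return p;
    }
}
```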
 | reply to justin I got this file too, and now my Windows is a little bit malformed (???) don't know how to say... I'm German... but it looks slightly damaged... small white stripes all over the symbols and programs (Firefox, Trillian, my taskbar)
Could asdf.exe have done that?? |
|
 | reply to justin It appears that the trojan horse is doing more than it would appear. I left it on and did a trace on it, and it seems that it has a healthy link. I will post all in time when I'm done logging it and tracing its path; it seems to be working its way around. |
|