3 edits | Potential Vulnerability with Sun Java auto update Multiple Choice Poll
Which version of Sun Java is installed? |
|
We have noticed a large number of Winfixer/ Vundo / Virutmonde Victims have an older version of Sun Java (v. J2SE 1.4.2_03) installed in Add/Remove Programs in the Control Panel. Other older or newer versions may also be installed, however, we are wanting to know if you have this version on your system.
If you've been a victim of this malware (or have been helping one), would you please take the time to answer the poll ?
Also, if you have more than one version installed, please list them in a reply to this thread.
Why do we want to know?
Fellow MS MVP Steve Wechsler (aka MowGreen) wrote to Sun Microsystems (makers of Sun Java) to express the concerns raised in the Security Community that autoupdaters of Sun Java do not uninstall previous (vulnerable) versions of the program. He asked for clarification that if a User utilizes the automatic update mechanism of the JRE the previous vulnerable version is left on the system, and that those previous vulnerable versions can still be called by malware. The folks at Sun Microsystems wrote back confirming this is true and they would be investigating updating the java.com pages and the auto update uninstallation issue. That was back in February and to date, none of these issues has been resolved.
Therefore all users are encouraged to please check in your Control Panel, under Add/Remove programs and uninstall any older versions of Sun Java. And in the future, remember to remove older versions of Java when you automatically update to a newer version to avoid exploitation of older versions left on your system.
The most current version of Sun Java can be found and downloaded from here:
»java.com/en/download/windows_xpi.jsp
To check your version to see if it is the latest version, Please go here:
»www.java.com/en/download/installed.jsp
Follow the instructions on that page to verify Your Java software
Please remember to uninstall all old versions of Sun Java
According to the bulletins, CERT also warns about java bug being exploited and you can read more about it here:
»isc.sans.org/diary.php?storyid=1039
The current *fix* for Vundo/Virtumonde/Winfixer can be found here:
»Security Cleanup FAQ »Trojan Vundo/Virtumonde/Winfixer Removal
--
It takes a disaster to make a woman out of a female
Microsoft MVP/Windows Security 2003-2006
Proud Member of ASAP (Alliance of Security Analysis Professionals) |
|
| Re: Winfixer/ Vundo / Virtumonde Victims : Please Thanks for the votes so far. Please do reply here with what versions you have if there is more than one, please 
Thanks! |
|
 Pole883Premium
join:2004-01-27
Schenectady, NY
kudos:2 |  ;)
Thanks Jane!!
Mike |
|
| You're welcome, Mike. Thanks for voting and I hope the extra info was a help |
|
|
|
 LoPhatPhuudPremium,VIP,MVM
join:2002-01-06
Albuquerque, NM
kudos:23
 ·Comcast
| reply to CalamityJane
Thanks for the poll CJ!
I am one of those nuts that hates sysytem clutter. First time I found out that the old versions of Sun JRE were not removed, I did it manually. I only have the most recent version installed. All others gone.
--
When angry count four; when very angry, swear.
Microsoft MVP Windows-Security 2005
Gladiator Security Forum |
|
 fuzzFuzzPremium
join:2000-06-05
FuzzLand | reply to CalamityJane
Re: Winfixer/ Vundo / Virtumonde Victims : Please Read Had 3 and 4 installed, saw this thread, installed update 5 then removed 3 and 4.
--
fuzz |
|
 jvmorrisI Am The Man Who Was Not There.Premium,MVM
join:2001-04-03
Reston, VA | reply to CalamityJane
Re: Winfixer/ Vundo / Virtumonde Victims : Please CJ,
Not a victim, but I want to thank you for bringing the subject up anyway. Each of the machines here only had one installation of the Sun JVM -- and each one was a different version! 
Got them all in synch now. Thanks again.
--
Regards, Joseph V. Morris |
|
1 edit | You're welcome, JV! I had a couple of old versions still on here too. Until Sun fixes these issues, it's hard to remember to go in and manually remove the older versions after a Sun Java Update 
They don't state that about removing older versions on their download webpages either. |
|
| I did´nt install Sun-Java and don´t miss it as yet. |
|
| said by DevilFrank:I did´nt install Sun-Java and don´t miss it as yet. Ok! Comments are most welcome from all!
Reminder:But please don't vote if you have not been infected with Vundo We're trying to educate folks, too but Steve would like to get an idea of what versions were running on current/previously infected with Vundo/Winfixer PCs only
--
It takes a disaster to make a woman out of a female
Microsoft MVP/Windows Security 2003-2006
Proud Member of ASAP (Alliance of Security Analysis Professionals) |
|
garys_2kPremium
join:2004-05-07
Farmington, MI Reviews:
 ·Callcentric
·Future Nine Corp..
| said by CalamityJane:Reminder: But please don't vote if you have not been infected with Vundo We're trying to educate folks, too but Steve would like to get an idea of what versions were running on current/previously infected with Vundo/Winfixer PCs only DOH! So sorry! I voted "None installed" becasue that's what I have, but I wasn't infected. Deduct my vote, and sorry for the confusion on my part. |
|
 mazhurgPremium
join:2004-05-02
Portage La Prairie, MB
1 edit | reply to CalamityJane
... remove me |
|
mazhurgPremium
join:2004-05-02
Portage La Prairie, MB Reviews:
 ·MTS
| reply to CalamityJane
Reminder:But please don't vote if you have not been infected with Vundo Sorry, my fingers got way ahead of my comprehension tonight... Please remove my vote under other versions.
|
|
| said by mazhurg:Reminder:But please don't vote if you have not been infected with Vundo Sorry, my fingers got way ahead of my comprehension tonight... Please remove my vote under other versions. No problem. And thanks for posting to let us know.
ALL comments welcome, we just only want the Vundo infectees voting.
Feel free to leave your comments or questions here though
--
It takes a disaster to make a woman out of a female
Microsoft MVP/Windows Security 2003-2006
Proud Member of ASAP (Alliance of Security Analysis Professionals) |
|
 mers2Premium,MVM
join:2004-03-20
USA
kudos:8 | reply to CalamityJane
Remove me as well. Since I saw others vote who I know haven't been infected, I did as well. Voted using a different version then 1.4.2_03 (1.5) and I only have the one version as I am obsessive about keeping a clutter free system.
--
God put me on this Earth to accomplish a certain number of things. Right now, I am so far behind I will never die. |
|
| Thanks for your comments, mers2!
Yes, we want comments - but the actual voting is for Vundo infectees only (just to clarify). Don't want anyone to feel they can't comment or ask a question or lend input
{{{Hugs}}}
--
It takes a disaster to make a woman out of a female
Microsoft MVP/Windows Security 2003-2006
Proud Member of ASAP (Alliance of Security Analysis Professionals) |
|
 siljalineI'm lovin' that double widePremium
join:2002-10-12
Montreal, QC
kudos:17
·Bell Sympatico
| reply to CalamityJane
Re: Winfixer/ Vundo / Virtumonde Victims : Please Read Thanks for the poll CJ, redundant installs now removed.
If only Sun would fix this issue, I'll bug Mow to keep bugging them to clean up the update process.
Regards,
--
siljaline MS - MVP Windows (IE/OE) & Security, AH-VSOP |
|
 jig
join:2001-01-05
Hacienda Heights, CA | reply to CalamityJane
just for sanity,
is Winfixer/ Vundo / Virtumonde wasy to scan for? do either spybot, adaware, or avg find it? |
|
| Re: Winfixer/ Vundo / Virtumonde Victims : Please @Siljaline - you're welcome. I'm sure Mow will keep bugging them!
@jig: Most victims either see the winfixer popups or their AV/AT/AS program has alerted them on the Vundo/Virtumonde infection, but they are lagging in complete removal. The Symantec tool right now seems to be getting it since it was updated to v. 1.4. If they have a double infection of it, the tool doesn't work and we have to use HJT & VundoFix (a different tool, little more complicated). The popups it creates are really the biggest sign of an infection.
--
It takes a disaster to make a woman out of a female
Microsoft MVP/Windows Security 2003-2006
Proud Member of ASAP (Alliance of Security Analysis Professionals) |
|
 CajunTekInsane CajunPremium,MVM
join:2003-08-08
Arlington, TX
·RoadRunner Cable
| reply to CalamityJane
Good poll CJ.. Only a comment no vote.. No winfixer or virtumondo here.. and only one java.. Version 1.5.0 (build 1.5.0_05-b05)
Keep doing what ya do..
(Formerly MerlynTech.. but I'm CajunTek everywhere else so....)
--
Lost in Texas |
|
