

CalamityJane
Premium,VIP,MVM
join:2002-08-27
Eustis, FL


Potential Vulnerability with Sun Java auto update

Multiple Choice Poll
Which version of Sun Java is installed?

Sun J2SE 1.4.2_03 is installed in Add/Remove Programs in the Control Panel

More than one version is installed

More than 2 versions are installed

version 1.4.2_03 is NOT installed

I don't have any version of Sun Java


Participants:229




We have noticed a large number of Winfixer/ Vundo / Virtumonde Victims have an older version of Sun Java (v. J2SE 1.4.2_03) installed in Add/Remove Programs in the Control Panel. Other older or newer versions may also be installed, however, we are wanting to know if you have this version on your system.

If you've been a victim of this malware (or have been helping one), would you please take the time to answer the poll?
Also, if you have more than one version installed, please list them in a reply to this thread.

Why do we want to know?

Fellow MS MVP Steve Wechsler (aka MowGreen) wrote to Sun Microsystems (makers of Sun Java) to express the concerns raised in the Security Community that autoupdaters of Sun Java do not uninstall previous (vulnerable) versions of the program. He asked for clarification that if a User utilizes the automatic update mechanism of the JRE the previous vulnerable version is left on the system, and that those previous vulnerable versions can still be called by malware. The folks at Sun Microsystems wrote back confirming this is true and they would be investigating updating the java.com pages and the auto update uninstallation issue. That was back in February and to date, none of these issues has been resolved.

Therefore all users are encouraged to please check in your Control Panel, under Add/Remove programs and uninstall any older versions of Sun Java. And in the future, remember to remove older versions of Java when you automatically update to a newer version to avoid exploitation of older versions left on your system.

The most current version of Sun Java can be found and downloaded from here:

»java.com/en/download/windows_xpi.jsp

To check your version to see if it is the latest version, please go here:

»www.java.com/en/download/installed.jsp

Follow the instructions on that page to verify Your Java software

Please remember to uninstall all old versions of Sun Java

According to the bulletins, CERT also warns about java bug being exploited and you can read more about it here:

»isc.sans.org/diary.php?storyid=1039

The current *fix* for Vundo/Virtumonde/Winfixer can be found here:

»Security Cleanup FAQ »Trojan Vundo/Virtumonde/Winfixer Removal

--
It takes a disaster to make a woman out of a female

Microsoft MVP/Windows Security 2003-2006


Proud Member of ASAP (Alliance of Security Analysis Professionals)
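
The check described in the post above (find every JRE still installed and uninstall all but the newest), as an added example that is not part of the original thread. It assumes each Sun JRE registers a version-named subkey under `HKLM\SOFTWARE\JavaSoft\Java Runtime Environment`; the function names and the sample list are constructed for illustration.

```python
import re
import sys

# Assumed location: HKLM key under which each Sun JRE registers a subkey
# named after its version. The thread itself only mentions Add/Remove Programs.
JRE_KEY = r"SOFTWARE\JavaSoft\Java Runtime Environment"

# Matches full versions such as 1.4.2_03 or 1.5.0_05-b05 (build suffix ignored).
_VERSION = re.compile(r"^(\d+)\.(\d+)\.(\d+)(?:_(\d+))?(?:-\w+)?$")

def parse_version(text):
    """'1.4.2_03' -> (1, 4, 2, 3); family keys such as '1.5' -> None."""
    m = _VERSION.match(text.strip())
    return tuple(int(g or 0) for g in m.groups()) if m else None

def stale_versions(installed):
    """Return (newest, [older versions still present]) for version strings."""
    parsed = {}
    for name in installed:
        version = parse_version(name)
        if version is not None:
            parsed.setdefault(version, name)  # collapse duplicates
    if not parsed:
        return None, []
    ordered = sorted(parsed)
    return parsed[ordered[-1]], [parsed[v] for v in ordered[:-1]]

def installed_from_registry():
    """List JRE version subkeys on Windows; empty list if none registered."""
    import winreg
    try:
        with winreg.OpenKey(winreg.HKEY_LOCAL_MACHINE, JRE_KEY) as key:
            subkeys = winreg.QueryInfoKey(key)[0]
            return [winreg.EnumKey(key, i) for i in range(subkeys)]
    except FileNotFoundError:
        return []

# Constructed sample: an auto-updated machine that kept two older JREs.
SAMPLE = ["1.4", "1.4.2_03", "1.5", "1.5.0_04", "1.5.0_05"]

if __name__ == "__main__":
    found = installed_from_registry() if sys.platform == "win32" else SAMPLE
    newest, stale = stale_versions(found)
    print("newest installed:", newest)
    for version in stale:
        print("older version still installed, uninstall it:", version)
```

On a non-Windows machine the script falls back to the constructed sample, so the version comparison can be tried anywhere.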


CalamityJane
Premium,VIP,MVM
join:2002-08-27
Eustis, FL
Re: Winfixer/ Vundo / Virtumonde Victims : Please

Thanks for the votes so far. Please do reply here with what versions you have if there is more than one, please

Thanks!


Pole883
Premium
join:2004-01-27
Schenectady, NY
;)

Thanks Jane!!

Mike


CalamityJane
Premium,VIP,MVM
join:2002-08-27
Eustis, FL
You're welcome, Mike. Thanks for voting and I hope the extra info was a help


LoPhatPhuud
Premium,VIP,MVM
join:2002-01-06
Albuquerque, NM
·Comcast
·Qwest.net

reply to CalamityJane
Thanks for the poll CJ!

I am one of those nuts that hates system clutter. First time I found out that the old versions of Sun JRE were not removed, I did it manually. I only have the most recent version installed. All others gone.
--
When angry count four; when very angry, swear.
Microsoft MVP Windows-Security 2005
Gladiator Security Forum


fuzz
Fuzz
Premium
join:2000-06-05
FuzzLand
reply to CalamityJane
Re: Winfixer/ Vundo / Virtumonde Victims : Please Read

Had 3 and 4 installed, saw this thread, installed update 5 then removed 3 and 4.
--
fuzz


jvmorris
I Am The Man Who Was Not There.
Premium,MVM
join:2001-04-03
Reston, VA

reply to CalamityJane
Re: Winfixer/ Vundo / Virtumonde Victims : Please

CJ,

Not a victim, but I want to thank you for bringing the subject up anyway. Each of the machines here only had one installation of the Sun JVM -- and each one was a different version!

Got them all in synch now. Thanks again.
--
Regards, Joseph V. Morris


CalamityJane
Premium,VIP,MVM
join:2002-08-27
Eustis, FL


You're welcome, JV! I had a couple of old versions still on here too. Until Sun fixes these issues, it's hard to remember to go in and manually remove the older versions after a Sun Java Update

They don't state that about removing older versions on their download webpages either.


DevilFrank

join:2003-07-13
I didn't install Sun-Java and don't miss it as yet.


CalamityJane
Premium,VIP,MVM
join:2002-08-27
Eustis, FL

said by DevilFrank:

I didn't install Sun-Java and don't miss it as yet.
Ok! Comments are most welcome from all!

Reminder: But please don't vote if you have not been infected with Vundo. We're trying to educate folks, too, but Steve would like to get an idea of what versions were running on current/previously infected with Vundo/Winfixer PCs only
--
It takes a disaster to make a woman out of a female
Microsoft MVP/Windows Security 2003-2006
Proud Member of ASAP (Alliance of Security Analysis Professionals)

garys_2k

join:2004-05-07
Farmington, MI
·Future Nine Corpor..
·Vonage

said by CalamityJane:

Reminder: But please don't vote if you have not been infected with Vundo. We're trying to educate folks, too, but Steve would like to get an idea of what versions were running on current/previously infected with Vundo/Winfixer PCs only
DOH! So sorry! I voted "None installed" because that's what I have, but I wasn't infected. Deduct my vote, and sorry for the confusion on my part.


mazhurg
Premium
join:2004-05-02
Portage La Prairie, MB

reply to CalamityJane
... remove me


mazhurg
Premium
join:2004-05-02
Portage La Prairie, MB
·TekSavvy Solutions..
·MTS

reply to CalamityJane
Reminder: But please don't vote if you have not been infected with Vundo
Sorry, my fingers got way ahead of my comprehension tonight... Please remove my vote under other versions.



CalamityJane
Premium,VIP,MVM
join:2002-08-27
Eustis, FL

said by mazhurg:

Reminder: But please don't vote if you have not been infected with Vundo
Sorry, my fingers got way ahead of my comprehension tonight... Please remove my vote under other versions.


No problem. And thanks for posting to let us know.

ALL comments welcome, we just only want the Vundo infectees voting.

Feel free to leave your comments or questions here though
--
It takes a disaster to make a woman out of a female
Microsoft MVP/Windows Security 2003-2006
Proud Member of ASAP (Alliance of Security Analysis Professionals)


mers2
Premium,MVM
join:2004-03-20
USA
clubs:
·AT&T U-Verse

reply to CalamityJane
Remove me as well. Since I saw others vote who I know haven't been infected, I did as well. Voted using a different version than 1.4.2_03 (1.5) and I only have the one version as I am obsessive about keeping a clutter free system.
--
God put me on this Earth to accomplish a certain number of things. Right now, I am so far behind I will never die.


CalamityJane
Premium,VIP,MVM
join:2002-08-27
Eustis, FL

Thanks for your comments, mers2!

Yes, we want comments - but the actual voting is for Vundo infectees only (just to clarify). Don't want anyone to feel they can't comment or ask a question or lend input

{{{Hugs}}}
--
It takes a disaster to make a woman out of a female
Microsoft MVP/Windows Security 2003-2006
Proud Member of ASAP (Alliance of Security Analysis Professionals)


siljaline
clear and presentation danger
Premium
join:2002-10-12
Montreal, QC
·Bell Sympatico

reply to CalamityJane
Re: Winfixer/ Vundo / Virtumonde Victims : Please Read

Thanks for the poll CJ, redundant installs now removed.
If only Sun would fix this issue, I'll bug Mow to keep bugging them to clean up the update process.

Regards,
--
siljaline MS - MVP Windows (IE/OE) & Security, AH-VSOP


jig

join:2001-01-05
Hacienda Heights, CA
reply to CalamityJane

just for sanity,

is Winfixer/ Vundo / Virtumonde easy to scan for? do either spybot, adaware, or avg find it?


CalamityJane
Premium,VIP,MVM
join:2002-08-27
Eustis, FL

Re: Winfixer/ Vundo / Virtumonde Victims : Please

@Siljaline - you're welcome. I'm sure Mow will keep bugging them!

@jig: Most victims either see the winfixer popups or their AV/AT/AS program has alerted them on the Vundo/Virtumonde infection, but they are lagging in complete removal. The Symantec tool right now seems to be getting it since it was updated to v. 1.4. If they have a double infection of it, the tool doesn't work and we have to use HJT & VundoFix (a different tool, little more complicated). The popups it creates are really the biggest sign of an infection.
--
It takes a disaster to make a woman out of a female
Microsoft MVP/Windows Security 2003-2006
Proud Member of ASAP (Alliance of Security Analysis Professionals)


CajunTek
Insane Cajun
Premium,MVM
join:2003-08-08
Arlington, TX
·RoadRunner Cable

reply to CalamityJane
Good poll CJ.. Only a comment no vote.. No winfixer or Virtumonde here.. and only one java.. Version 1.5.0 (build 1.5.0_05-b05)

Keep doing what ya do..

(Formerly MerlynTech.. but I'm CajunTek everywhere else so....)
--
Lost in Texas