Tuesday, January 15, 2013

Red October LUVS Java,
A Match Made In Hell


It turns out that the Red October malware racket, started in 2007, has been doing its dirty work thanks to Oracle's crap attention to Java security. I hate you Oracle. I hate you very much.

Unearthed attack site reveals some inner workings of espionage malware.
Attackers behind a massive espionage malware campaign that went undetected for five years relied in part on a vulnerability in the widely deployed Java software framework to ensnare their victims, a security researcher said.
The unknown attackers infected computers operated by the Russian Federation, Iran, the US, and at least 36 other countries. They used highly targeted malware to collect what's believed to be hundreds of terabytes of sensitive data, according to researchers from antivirus provider Kaspersky Lab. The success of the covert operation is largely the result of malware and phishing e-mails that were highly customized for each victim.  
Now, Aviv Raff, CTO of Israel-based Seculert, said he has uncovered a website used to infect some of the victims of Operation Red October (as the campaign has been dubbed). The website exploited a critical Java vulnerability identified as CVE-2011-3544, allowing the attackers to surreptitiously execute malicious code on visitors' computers. Although Oracle developers patched the bug in October of 2011, the malicious Java archive file was compiled the following February. . . .
CVE-2011-3544 affects Mac OS X 10.6 through 10.7.2.

The best description of CVE-2011-3544 is at SecurityTracker.

SecurityFocus lists the vulnerable operating system versions.


In general, if you are administering Macs with potential LUSER Factor problems:

1) Always force your users to have Standard accounts, never Admin accounts.
2) Lock the Java settings down to the minimum needed to run the Java apps your users actually require.
3) Unless you know your users require Java, it's a great idea to simply uninstall Java.
4) Keep your potential LUSER machines up-to-date; no slacking allowed on your part.
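
Here is a small audit script, added to this post as an example (it is not from the original article or from Kaspersky/Seculert), that checks the state of steps 1, 3 and 4 on a Mac so you can see which accounts still hold admin rights, whether the Java applet plug-in is still installed, and which Java version is present. It assumes three things: that `dscl . -read /Groups/admin GroupMembership` prints a line of the form `GroupMembership: root alice bob`, that Apple's Java browser plug-in lives at `/Library/Internet Plug-Ins/JavaAppletPlugin.plugin`, and that `java -version` reports something like `java version "1.6.0_37"` on stderr. The helper functions take those strings as arguments, so they can be exercised with constructed input on any system.

```shell
#!/bin/sh
# Mac Java / admin-account audit helper (added example, not part of the original post).
# Assumptions: dscl membership line format, Java plug-in path, and java -version
# output format as described in the lead-in. Override the plug-in path via JAVA_PLUGIN.

JAVA_PLUGIN="${JAVA_PLUGIN:-/Library/Internet Plug-Ins/JavaAppletPlugin.plugin}"

# Step 1: given a dscl membership line, print the admin accounts other than root,
# space-separated, so each one can be reviewed and demoted to a Standard account.
admin_members() {
    printf '%s\n' "$1" | sed 's/^GroupMembership: *//' | tr ' ' '\n' \
        | grep -v '^root$' | grep -v '^$' | tr '\n' ' ' | sed 's/ $//'
}

# Returns 0 (true) when user $2 appears in membership line $1, 1 otherwise.
user_is_admin() {
    for member in $(printf '%s\n' "$1" | sed 's/^GroupMembership: *//'); do
        [ "$member" = "$2" ] && return 0
    done
    return 1
}

# Step 3: true when the Java applet plug-in exists at path $1.
java_plugin_present() {
    [ -e "$1" ]
}

# Step 4: pull the version string out of `java -version` output, e.g.
#   java version "1.6.0_37"      -> 1.6.0_37
#   openjdk version "11.0.2"     -> 11.0.2
java_version_from_output() {
    printf '%s\n' "$1" | sed -n 's/^[a-z]* version "\([^"]*\)".*/\1/p' | head -n 1
}

# Live audit for when the script is run on an actual Mac; prints findings only.
audit_mac() {
    if command -v dscl >/dev/null 2>&1; then
        line=$(dscl . -read /Groups/admin GroupMembership 2>/dev/null) || line=""
        echo "Admin accounts besides root: $(admin_members "$line")"
    else
        echo "dscl not found; not on macOS, skipping the account check"
    fi
    if java_plugin_present "$JAVA_PLUGIN"; then
        echo "Java applet plug-in present at $JAVA_PLUGIN (disable or remove it unless required)"
    else
        echo "No Java applet plug-in at $JAVA_PLUGIN"
    fi
    if command -v java >/dev/null 2>&1; then
        out=$(java -version 2>&1) || out=""
        echo "Installed Java version: $(java_version_from_output "$out")"
    else
        echo "No java binary on PATH"
    fi
}

audit_mac
```

Run it as `sh mac_java_audit.sh` on each Mac; any account listed after "Admin accounts besides root" is a candidate for demotion, and a present plug-in on a machine that does not need Java is a candidate for removal.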

Ideally, if you are working with Macs running OS X 10.6 - 10.7.2, uninstall Java in order to remain safe.

In any case, if you're not at a trusted website:

Just Turn Java Off.

