
Is Java Plugin a threat to your computer’s security?

[Screenshot: JavaPluginExploits_LiveOneCare_FullScan]

I recently took on the task of removing some trojans from a system that was showing AdultFriendFinder ads when the user was conducting searches on the Internet. I searched for the cause of the infection, since the user had been very cautious in the first place (though not consistently using an antivirus, due to machine performance issues). The most probable security hole on the system seems to have been Sun’s (now Oracle’s) Java Plugin, as one can easily see from the picture above.

It’s a screenshot (stitched together because of the small scroll pane and the lack of text copy/export capability) of the result of a full system scan using Microsoft’s free Windows Live OneCare safety scanner. That scanner runs only in Internet Explorer on Windows: it’s provided as an ActiveX control that installs and runs from inside the web browser. (If your system is infected, you may have to temporarily set the security zones to low security to instantiate the scanner, since some trojans manage to block it otherwise.) Through that security hole, some TrojanDownloaders came in and opened a huge backdoor for more stuff to come through…

The moral of the story is never to turn off Java’s updater, and maybe even better to disable the Java Plugin altogether (e.g. from its applet in the Windows Control Panel).

In the meantime, it is best to wipe the contents of the folder "%AppData%\..\LocalLow\sun\cache" (".." means go to the parent folder [one folder up]). All those exploits had installed stuff in that location.
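One way to do that cleanup while keeping a record of what was in the cache, as an added example that is not part of the original post. It assumes PowerShell 4.0 or later (for `Get-FileHash`); the function name, parameter names and CSV location are hypothetical.

```powershell
# Added example: inventory, then clear, the Java Plugin cache folder named in the post.
function Clear-JavaPluginCache {
    [CmdletBinding(SupportsShouldProcess = $true)]
    param(
        # Folder from the post: %AppData%\..\LocalLow\sun\cache
        [string]$CachePath = (Join-Path $env:APPDATA '..\LocalLow\sun\cache'),
        # Where the inventory is saved (constructed default, change as needed)
        [string]$InventoryCsv = (Join-Path $env:TEMP 'java-cache-inventory.csv')
    )

    if (-not (Test-Path -LiteralPath $CachePath)) {
        Write-Warning "Cache folder not found: $CachePath"
        return
    }
    # Collapse the ".." so the inventory shows the real location
    $resolved = (Resolve-Path -LiteralPath $CachePath).Path

    # Record name, size, timestamp and SHA-256 of every cached file before deleting,
    # so the dropped files can still be looked up or reported afterwards.
    Get-ChildItem -LiteralPath $resolved -Recurse -Force |
        Where-Object { -not $_.PSIsContainer } |
        ForEach-Object {
            $hash = Get-FileHash -LiteralPath $_.FullName -Algorithm SHA256 -ErrorAction SilentlyContinue
            [pscustomobject]@{
                Path             = $_.FullName
                Length           = $_.Length
                LastWriteTimeUtc = $_.LastWriteTimeUtc
                SHA256           = $hash.Hash   # empty if the file was locked
            }
        } |
        # -WhatIf:$false so the inventory is written even during a preview run
        Export-Csv -LiteralPath $InventoryCsv -NoTypeInformation -WhatIf:$false

    # Remove the folder's contents but keep the folder itself
    Get-ChildItem -LiteralPath $resolved -Force | ForEach-Object {
        if ($PSCmdlet.ShouldProcess($_.FullName, 'Remove')) {
            Remove-Item -LiteralPath $_.FullName -Recurse -Force
        }
    }
}

# Preview what would be deleted; rerun without -WhatIf to actually wipe the cache
Clear-JavaPluginCache -WhatIf
```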
