Thread: SPAM frauds, fakes, and other MALWARE deliveries - archive

  1. #29
    AplusWebMaster (Adviser Team)

    Java 0-Day exploit-in-the-wild...

    FYI...

    Java 0-Day exploit-in-the-wild
    - https://secunia.com/advisories/50133/
    Last Update: 2012-08-28
    Criticality level: Extremely critical
    Impact: System access
    Where: From remote ...
    Solution Status: Unpatched
    Software: Oracle Java JRE 1.7.x / 7.x
    CVE Reference: http://web.nvd.nist.gov/view/vuln/de...=CVE-2012-4681 - 6.8
    ... vulnerability is confirmed in version 7 update 6 build 1.7.0_06-b24. Other versions may also be affected.
    Solution: No official solution is currently available...
    Reported as a 0-day.
    Original Advisory:
    http://blog.fireeye.com/research/201...-over-yet.html

    - https://isc.sans.edu/diary.html?storyid=13984
    Last Updated: 2012-08-27 20:29:15 UTC - "... targets Java 1.7 update 6, there is currently no patch available, the exploit has been integrated into the metasploit framework..."
    - https://krebsonsecurity.com/2012/08/...-java-exploit/
    August 27, 2012
    - http://www.deependresearch.org/2012/...formation.html
    August 27, 2012 - "... currently being used in targeted attacks..."

    - http://labs.alienvault.com/labs/inde...d-in-the-wild/
    August 27, 2012 - "... On the analyzed sample the payload is downloaded from ok.aa24 .net/meeting /hi.exe... The payload drops C:\WINDOWS\system32\mspmsnsv.dll (replace the file if present) and starts the Portable Media Serial Number Service. The malware connects to hello.icon .pk port 80. It seems to be a Poison Ivy variant. hello.icon .pk resolves to:
    223.25.233.244
    223.25.233.0 – 223.25.233.255

    8 to Infinity Pte Ltd ..."
    > https://www.virustotal.com/file/09d1...200f/analysis/
    File name: hi.exe
    Detection ratio: 32/42
    Analysis date: 2012-08-28 12:59:25 UTC

    - https://www.virustotal.com/file/09d1...200f/analysis/
    File name: hi.exe
    Detection ratio: 36/42
    Analysis date: 2012-08-29 10:55:45 UTC
    ___

    - http://www.kb.cert.org/vuls/id/636312
    Last revised: 28 Aug 2012 - "... Disabling the Java browser plugin may prevent a malicious webpage from exploiting this vulnerability..."

    - http://www.symantec.com/connect/blog...-cve-2012-4681
    8.28.2012 - "... attackers have been using this zero-day vulnerability for at least five days, since August 22... we have confirmed that the zero-day vulnerability works on the latest version of Java (JRE 1.7), but it does -not- work on the older version JRE 1.6*..."

    * http://forums.spybot.info/showpost.p...08&postcount=5

    Last edited by AplusWebMaster; 2012-08-29 at 16:23.
    The machine has no brain.
    ......... Use your own.
    Browser check for updates here.
    YOU need to defend against -all- vulnerabilities.
    Hacks only need to find -1- to get in...
    .
