Tag Archive: Java


Sophisticated botnet steals more than $47M by infecting PCs and phones

A new version of the Zeus trojan, a longtime favorite of criminals conducting online financial fraud, has been used in attacks on over 30,000 electronic banking customers in Europe, infecting both their personal computers and their smartphones. The attack is designed to circumvent the SMS-based two-factor authentication banks use to confirm transactions: it intercepts the confirmation messages the bank sends to the victim's mobile phone.

The malware and botnet system, dubbed “Eurograbber” by security researchers from Check Point Software and Versafe, was first detected in Italy earlier this year. It has since spread throughout Europe. Eurograbber is responsible for more than $47 million in fraudulent transfers from victims’ bank accounts, stealing amounts from individual victims that range from 500 Euros (about $650) to 25,000 Euros (about $32,000), according to a report published Wednesday.

The attack begins when a victim clicks on a malicious link, typically delivered by a phishing e-mail. The link leads to a site that attempts to download one or more trojans: customized versions of Zeus and its SpyEye and Carberp variants, which record the victim's Web visits and inject HTML and JavaScript into the pages the browser renders (a man-in-the-browser attack). The next time the victim visits their bank's website, the trojans capture their credentials and run injected JavaScript that spoofs a request for a "security upgrade" from the bank, offering to protect the victim's mobile device from attack. The script collects the victim's phone number and mobile operating system, which are used in the second stage of Eurograbber's attack.

With the phone number and platform information, the attacker sends a text message to the victim's phone with a link to a site that serves what it claims is "encryption software" for the device. It is in fact "Zeus-in-the-Mobile" (ZitMo) malware, a trojan built for the Android and BlackBerry mobile operating systems that inserts itself between the user and the phone's browser and SMS messaging software. With both devices compromised, the malware waits for the victim to log into the bank account, then immediately initiates a transfer of a percentage of the victim's balance to an account controlled by the criminals running the botnet.

The mobile component then intercepts the confirmation text message sent by the bank (the one-time transaction authentication number, or TAN) and forwards it to the trojan's command-and-control server via a relay phone number. The server uses the code to confirm the transaction, and the money is withdrawn. The same process repeats every time the victim logs into the account, draining it gradually without the user ever seeing a confirmation message.

Both Check Point and Versafe have added signature and behavior detection to their malware protection products that can block Eurograbber. Keeping software that is a frequent target of Web drive-by download exploits up to date, notably Adobe Flash, Java, and the Web browsers themselves, helps prevent the initial infection, as does a healthy amount of paranoia about clicking links in e-mails.

Source: Arstechnica

Latest Java software opens PCs to hackers: experts

Computer security firms are urging PC users to disable Java software in their browsers, saying the widely installed, free software from Oracle Corp opens machines to hacker attacks and that, with no patch yet available, there is no way to defend against them short of turning it off.

The warnings, which began emerging over the weekend from Rapid7, AlienVault and other cyber security firms, are likely to unnerve a PC community scrambling to fend off growing security threats from hackers, viruses and malware.

Researchers have identified code that attacks machines by exploiting a newly discovered flaw in the latest version of Java. Once in, the exploit drops a second piece of software, the Poison Ivy remote-access trojan, which lets the attackers take control of the infected computer, said Jaime Blasco, a research manager with AlienVault Labs.

Several security firms advised users to immediately disable Java software — installed in some form on the vast majority of personal computers around the world — in their Internet browsers. Oracle says that Java sits on 97 percent of enterprise desktops.

“If exploited, the attacker will be able to perform any action the victim can perform on the victim’s machine,” said Tod Beardsley, an engineering manager with Rapid7’s Metasploit division.

Computers can get infected without their users’ knowledge simply by a visit to any website that has been compromised by hackers, said Joshua Drake, a senior research scientist with the security firm Accuvant.

Java is a programming language and runtime that lets programmers write one set of code to run on virtually any type of machine. It is widely used on the Internet through the Java browser plug-in, which lets a website run Java code (an applet) inside the visitor's browser, so that Web developers can make their sites work from multiple browsers running on Microsoft Windows PCs or Macs from Apple Inc. It is that browser plug-in, not the language itself, that the attack abuses.

An Oracle spokeswoman said she could not immediately comment on the matter.

Security experts recommended that users not enable Java for universal use in their browsers. Instead, they said it was safest to allow the Java browser plug-in to run on a case-by-case basis, when prompted for permission by trusted programs such as GoToMeeting, a Web-based collaboration tool from Citrix Systems Inc.

Rapid7 has set up a web page that tells users whether their browser has a Java plug-in installed that is vulnerable to attack: www.isjavaexploitable.com

Source: Reuters

Ryan says: I would recommend updating to the latest version of Java. The latest version of the Java Runtime Environment (JRE, 64-bit) is here. For users with older computers, try downloading the latest version in 32-bit.

Oracle plugs 21 dangerous Sun Java security holes

Oracle today issued a security alert to warn about 21 security holes in its widely deployed Java SE and Java for Business products and warned that the flaws are dangerous enough to expose users to remote code execution attacks.

Oracle said the most severe CVSS Base Score for vulnerabilities fixed in this Java patch batch is 10.0, the highest severity rating.

Of these 21 vulnerabilities, 13 affect Java client deployments. Twelve of those 13 can be exploited through untrusted Java Web Start applications and untrusted Java applets, which run in the Java sandbox with limited privileges; since the flaws allow remote code execution, a successful exploit amounts to an escape from that sandbox. The remaining one of the 13 can only be exploited by getting the victim to run a standalone application.


According to the advisory, three of the 21 vulnerabilities affect both client and server deployments. They can be exploited through untrusted Java Web Start applications and untrusted Java applets, or by supplying malicious data to APIs in the affected components, for example through a Web service.
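The difference between "runs in the Java sandbox with limited privileges" and the Rapid7 quote earlier on this page ("the attacker will be able to perform any action the victim can perform") is easy to see in code. The following is an added example, not code from any of the articles here or from Oracle: it runs the same "untrusted" action twice, first as a standalone application with no restrictions, then under a SecurityManager with the default policy, which is how applets and Web Start applications were confined. It assumes a filesystem root "/" exists (on Windows it resolves to the current drive) and a JDK that still lets you install a SecurityManager at run time: Java 8 runs it as-is, Java 18 to 23 need `-Djava.security.manager=allow`, and Java 24 and later have disabled the Security Manager permanently.

```java
import java.io.File;
import java.security.AccessControlException;

/*
 * Added example (not from the articles on this page). One piece of "untrusted"
 * code, run first the way a standalone application runs (no SecurityManager),
 * then the way an applet or Web Start application ran (inside the sandbox).
 * A sandbox-escape bug is what turns the second result back into the first.
 *
 * Assumptions: "/" exists (Windows maps it to the current drive) and the JDK
 * still supports System.setSecurityManager at run time (Java 8 as-is;
 * Java 18-23 with -Djava.security.manager=allow; Java 24+ cannot run this).
 */
public class SandboxDemo {

    /* The "untrusted" action: read something an applet was never meant to see. */
    static String listFilesystemRoot() {
        String[] names = new File("/").list();   // triggers SecurityManager.checkRead("/")
        return names == null ? "no entries" : names.length + " entries";
    }

    /* Run the action and report whether the current security policy allowed it. */
    static String attempt(String label) {
        try {
            return label + ": ALLOWED, " + listFilesystemRoot();
        } catch (AccessControlException e) {
            return label + ": BLOCKED, " + e.getMessage();
        }
    }

    public static void main(String[] args) {
        // 1. Standalone application: no SecurityManager, so the code runs with
        //    the full privileges of the user who launched it.
        System.out.println(attempt("standalone"));

        // 2. Sandboxed: the default policy grants code on the class path only a
        //    handful of permissions (reading java.version and similar properties).
        //    No FilePermission for "/" is among them, so the read is refused.
        System.setSecurityManager(new SecurityManager());
        System.out.println(attempt("sandboxed"));

        // Sandboxed code cannot simply call setSecurityManager(null) to get back
        // to case 1: that call itself needs RuntimePermission "setSecurityManager".
        // Reaching case 1 from inside case 2 without being granted that permission
        // is precisely what a sandbox-escape vulnerability provides.
    }
}
```

Compile and run with `javac SandboxDemo.java && java SandboxDemo` (add `-Djava.security.manager=allow` to the `java` command on Java 18 to 23). The first line reports the directory listing; the second reports an access-denied message naming the `java.io.FilePermission` that was refused. Any applet exploit that manages to print the first line while the manager is installed has escaped the sandbox, which is why Oracle rates such flaws at the top of the CVSS scale.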

Because of the severity of the vulnerabilities in this Java update, Oracle recommends that Java customers apply it “as soon as possible.”

As usual, be careful with those pre-checked bloatware add-ons.

Source: ZDNet

Android source code, Java, and copyright infringement: what’s going on?

So it’s been a fun day of armchair code forensics and legal analysis on the web after Florian Mueller published a piece this morning alleging Google directly copied somewhere between 37 and 44 Java source files in Android. That’s of course a major accusation, seeing as Oracle is currently suing Google for patent and copyright infringement related to Java, and it prompted some extremely harsh technical rebuttals, like this one from ZDNet and this one from Ars Technica. The objections in short: the files in question are test files, aren’t important, probably don’t ship with Android, and everyone is making a hullabaloo over nothing.

We'll just say this straight out: from a technical perspective, these objections are completely valid. The files in question do appear to be test files, some of them were removed, and there's simply no way of knowing if any of them ended up in a shipping Android handset. But, and this is a big but, that's just the technical story. From a legal perspective, it seems very likely that these files create increased copyright liability for Google, because current copyright law doesn't make exceptions for how source code trees work, for whether a script rather than a person pasted in a different license, or for whether these files made it into handsets. The single most relevant legal question is whether copying and distributing these files was authorized by Oracle, and the answer clearly appears to be "nope," even if Oracle licensed the code under the GPL. Why? Because somewhere along the line, Google took Oracle's code, replaced the GPL language with the incompatible Apache License, and distributed the code under that license publicly. That's all it takes: if Google violated the GPL by changing the license, it also infringed Oracle's underlying copyright. It doesn't matter if a Google employee, a script, a robot, or Eric Schmidt's cat made the change. Once you've created or distributed an unauthorized copy, you're liable for infringement.*

Why does this matter? Because we're hearing that Oracle is dead-set on winning this case and eventually extracting a per-handset royalty on every Android handset shipped. In that context, "those files aren't important!" isn't a winning or persuasive argument, and the more these little infringements add up, the worse things look for Google. Whether or not these files are a "smoking gun" isn't the issue; the issue is whether Android infringes Oracle's patents and copyrights, since the consequences either way will be monumental and far-reaching. Ultimately, though, the only person who can resolve all of this for certain is a judge, and it's going to take a lot more time and research to get there.

Source: Engadget