Homeland Secure IT Alert for Thursday, October 28, 2010
In the news today you will find that a new variant of the infamous Koobface is making the rounds via social media sites such as Facebook, Twitter and Myspace.
Unsuspecting users are enticed to click a video link in a direct message. The link leads to a bogus YouTube page showing a thumbnail of the video; clicking the thumbnail launches a Java applet, which the user accepts, thinking they are going to see the greatest video ever. Instead, more often than not they get a blank screen, and they have just given the bad guys access to their computer.
According to various sites, the applet affects Linux and Mac systems differently from Windows-based systems: it remains running longer on them, giving attackers a long time to exploit the machine for evil purposes. (So all that wonderful uptime you get from a *nix machine works against you, as a Microsoft Windows machine gets rebooted more frequently.)
It is suggested that you keep your operating systems updated, keep Java updated, and keep a current, quality anti-virus product such as Trend Micro on your computer. Even an anti-virus package like ClamAV is advised over nothing at all. Mac and Linux users need to be very aware that the good old days of running “bareback” are over.
As always, avoid sketchy sites and don’t run Java apps unless you trust them. If you are on social media, use some common sense and don’t click on odd-looking links, even if they come from your friends.
If you feel you may have been compromised, contact a computer service professional immediately. If you need assistance in Greenville or Upstate SC, we provide complete computer service, virus removal and cleanup and sales of Trend Micro and Symantec security and anti-virus software. 864.990.4748
Uh, no. This is a Java flaw, not Linux, and I'm pretty sure this has been fixed in the new versions. But of course Microsoft would like everyone to believe Linux has the same stupid problems… Even if one is stupid enough to get this, it's easily eradicated and cannot wreak the same havoc it would if it was on Windows, due to user-only access. Also, one can just make another account and run Firefox or whatever as that user, essentially isolating such a thing from your files. To keep it simple, there is not too much to be concerned about, for those who know what they're doing, that is…
Thanks for the reply. Yes, Java is at fault here; however, since we focus on the business sector, almost everyone we do work for has Java installed, as mandated by various apps they have to access, from medical to financial institutions.
Also, another side is that many of the workstations we encounter are running with elevated privs regardless of what we suggest.
Your input is valuable though, thank you!