Return to the Computer Help Forum | Post a Follow-Up

 o
New threat from 'fileless' bots?

Posted by marknmt (My Page) on
Tue, Mar 20, 12 at 13:28

My wife just read about a new malware threat that infects computers after users click on certain banners after visiting certain Russian news links. Evidently the technique is expected to spread.

The article, parts of which I almost understood, referred to Java vulnerabilities and suggested a security patch called CVE-2011-3544, and they also mentioned using a Geo Filter.
Is this for real, and if so, what should I do to protect my wife's Vista and my Ubuntu systems?

Thanks very much -once again- for your help.

Mark

Here is a link that might be useful: Blog about fileless bot


Follow-Up Postings:

 o
RE: New threat from 'fileless' bots?

one of the reasons it is SO SO important to keep everything updated. INCLUDING Java!! these java exploits keep creeping up in number and if Java updates are not done to patch each of these new vulnerabilities then you are wide open.
Many people have chosen to do away with Java and js , or at least use the firefox add on No script which will block a lot of these type of scripting exploits including i frame ones.

Use the secunia tool to check for updates on all your windows pc needs
Secunia Online Software Inspector (OSI)
run it regularly


 o
RE: New threat from 'fileless' bots?

and try to stay away from .ru sites.


 o
RE: New threat from 'fileless' bots?

Thanks (once again!) for your advice and help.

Won't have any trouble staying away from .ru sites, but eventually this technique will spread.

I'm running No Script now. That dern OSI looks a little intimidating but we'll figure it out.

Best,

Mark


 o
RE: New threat from 'fileless' bots?

The secunia OSI is very easy just let it run the scan on your pc it will then tell you everything that it finds that is outdated and needs updating and will even link to where you need to go.
If you find something outdated and need help just come here and ask for help.
Remember that flash updates must be done on every browser and you must use that browser to go get the update and install it. For those other than IE it is called NON IE flash you can google that.


 o
RE: New threat from 'fileless' bots?

"Java flaws are a favorite target of miscreants and malware because of the programs power and massive install base: Oracle estimates that Java is installed on more than three billion machines worldwide."

"Worse still, Java is now among the most frequently-attacked programs, and appears to be fast replacing Adobe as the target of choice for automated exploit tools used by criminals."

"At the very top of my nix-it-now list is Java, a powerful
application that most users have on their systems but that probably few actually need."

https://krebsonsecurity.com/2010/06/dont-need-java-junk-it/


 o
RE: New threat from 'fileless' bots?

Zep, are you recommending that the average user delete Java on their computers?

Dee


 o
RE: New threat from 'fileless' bots?

There are lots of computers that dont have java installed that I've fixed, by installing jave when they cant access certain sites. They probably have happily surfed for years before it was needed by them.

I can go a week or two before some webpage will be a problem & and suddely that little light bulb appears over my head that says ... remember you disabled the java plug ins.


 o
RE: New threat from 'fileless' bots?

Dee if you use firefox just install no script that way you still have it available should you need it but until you do it is blocked plus no script helps with other issues also.


 o
RE: New threat from 'fileless' bots?

Here is the link to the official no script page which explains a lot. Definitely check out the faq page.
There are some firefox no script tutorials around too, it can be a pain at first till the learning is done.

Here is a link that might be useful: No script


 o
RE: New threat from 'fileless' bots?

Thanks, RC. Actually, I've had No Script for several years, but I still thought you had to keep Java installed and updated.


 o Post a Follow-Up

Please Note: Only registered members are able to post messages to this forum.

    If you are a member, please log in.

    If you aren't yet a member, join now!


Return to the Computer Help Forum

Information about Posting

  • You must be logged in to post a message. Once you are logged in, a posting window will appear at the bottom of the messages. If you are not a member, please register for an account.
  • Please review our Rules of Play before posting.
  • Posting is a two-step process. Once you have composed your message, you will be taken to the preview page. You will then have a chance to review your post, make changes and upload photos.
  • After posting your message, you may need to refresh the forum page in order to see it.
  • Before posting copyrighted material, please read about Copyright and Fair Use.
  • We have a strict no-advertising policy!
  • If you would like to practice posting or uploading photos, please visit our Test forum.
  • If you need assistance, please Contact Us and we will be happy to help.


Learn more about in-text links on this page here