1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Java is pissing me off with all the malware crap

Discussion in 'BlackHat Lounge' started by ShadeDream, May 29, 2012.

  1. ShadeDream

    ShadeDream Elite Member

    Joined:
    Nov 27, 2008
    Messages:
    2,209
    Likes Received:
    5,230
    Location:
    He who laughs last, laughs longest.
    Java has been so crap lately... it's so annoying and very exploitable in terms of malware. A few months ago, well at the start of this year I managed to get infected with some kind of annoying malware called smad.exe. I got it from advertisements on a RS link generator site, I knew it was through Java because when one of the ads showed up, Java automatically launched and then I would get this freaking smad.exe malware. Same thing happened again to another laptop a few months later. This is not something that an antivirus can protect you from because it's an issue with Java. I was running Kaspersky and it generally is awesome, but it didn't seem to block the Java malware.

    It's now May, I'm running AVG (I know, I know...), but I've also got Malwarebytes and I now seem to be infected with some 7search.com bullshit which redirects Google search results every now and then (not all the time though, it's rare but it happens) to 7search.com. I've run a few scans using different tools and none of them seem to find anything, so I don't know if this maybe has something to do with the sites or what? I've also just cleaned the Java cache files and the whole lot so maybe this will solve the problem.

    Anyone had any similar issues with Java?

    PS. My Java is always updated.
     
    Last edited: May 29, 2012
  2. assphuck

    assphuck Senior Member

    Joined:
    Feb 22, 2009
    Messages:
    1,196
    Likes Received:
    905
    Disable Java in your browser and use Kaspersky.

    Until I disabled Java, I had a lot of issues. It's imperative to do this if you are using your computer for submissions or if you visit a lot of questionable sites.
     
    • Thanks Thanks x 1
  3. tacopalypse

    tacopalypse Executive VIP Jr. VIP Premium Member

    Joined:
    Nov 30, 2009
    Messages:
    980
    Likes Received:
    2,485
    Home Page:
    i just have java disabled in my browser. never had to use it for anything really. o_O
     
    • Thanks Thanks x 1
  4. ShadeDream

    ShadeDream Elite Member

    Joined:
    Nov 27, 2008
    Messages:
    2,209
    Likes Received:
    5,230
    Location:
    He who laughs last, laughs longest.
    I guess I'm going to follow the advice above but I do use it every now and then. Other than that I'm studying Java at Uni so I can't exactly dump it altogether... lol
     
  5. Michaelf

    Michaelf Registered Member

    Joined:
    Nov 17, 2011
    Messages:
    59
    Likes Received:
    11
    Use The noscript plugin to prevent these driveby attacks
     
  6. Zuckerberg

    Zuckerberg Regular Member

    Joined:
    Apr 25, 2012
    Messages:
    270
    Likes Received:
    78
    Location:
    Facebook
    Java drive by i presume!
     
  7. ShadeDream

    ShadeDream Elite Member

    Joined:
    Nov 27, 2008
    Messages:
    2,209
    Likes Received:
    5,230
    Location:
    He who laughs last, laughs longest.
    Nope, not Java drive by. No pop up boxes no nothing appears with this malware crap. Java automatically runs without asking for access via the "run application" box.
     
  8. lightyear

    lightyear Newbie

    Joined:
    Jun 27, 2012
    Messages:
    0
    Likes Received:
    0
    Yes this is indeed a Java Driveby
    its a "SILENT" Java Driveby.
    i have written a Silent JDB and it works perfect :147:
     
  9. CodingAndStuff

    CodingAndStuff Regular Member

    Joined:
    May 6, 2012
    Messages:
    236
    Likes Received:
    84
    Occupation:
    Swagstronaut
    Location:
    You can't have my bots. Sorry :'(
    Pro tip: uninstall Java or disable the browser extensions (about:plugins or about:addons depending on your browser). Java is notoriously insecure despite the fact that they try to sandbox everything, as are previous versions of flash and all versions of Adobe Reader. I would suggest only having Flash installed to be honest, and use Google Docs for .pdf files as opposed to having Adobe Reader installed.
     
  10. jazzc

    jazzc Moderator Staff Member Moderator Jr. VIP

    Joined:
    Jan 27, 2009
    Messages:
    2,468
    Likes Received:
    10,143
    Antiviruses are mostly useless anyway. To give you a metric, it 's like 200 lines of code to bypass them.

    Never browse with java/flash enabled in the browser unless it 's sandboxed or in a VM (the browser itself).

    Boot into Gnu/Linux whenever you need to access important things like your online bank account.
     
  11. lancis

    lancis Elite Member

    Joined:
    Jul 31, 2010
    Messages:
    1,632
    Likes Received:
    2,384
    Occupation:
    Entrepreneur
    Location:
    Milky Way
    Home Page:
    Java is one of the worst inventions of our century, second only to dot net. :)
    My PC was infected only twice, the first time due to ActiveX, the second time due to Java.
    When I see someone trying to present JAVA as advantage (for example software vendors), I black-list the website.
    My Andorid has zero personal information on it, because it runs Java.
    Although I know Java, I never wrote a single meaningful line of code in that language, because the concept is awful.

    Some things, are invented to serve as a bad examples for the future generations, Java and Chuck Norris are two of them. :)