FPSBanana

Post by **Plinko** » Wed Jul 14, 2010 12:59 pm

What I was able to read up on it, it's a bootkit, which is somewhat different. It actually forces itself into the boot sequence for Windows. What I've read was somewhat confusing, but every report I found seemed that traditional rootkit remedies don't work for it and most people seemed unable to remove it entirely.

I continue to find it jaw-dropping that Windows allows anything like this to ingrain itself into your OS.

YouTube · Post by **Stevo** » Wed Jul 14, 2010 1:07 pm

You just have to replace the MBR using the Windows installer/recovery disk to stop it from loading.

Post by **frostdillicus** » Wed Jul 14, 2010 2:42 pm

From what I read, it's not an IE exploit, but rather a Java based attack and therefore all browsers are susceptible unless you are running AdBlock or the like.

Post by **Plinko** » Wed Jul 14, 2010 3:22 pm

Yeah, I got mine via Firefox, but the fact that Java can even install things into your Windows boot record is insane, why would you allow that at all?

Post by **frostdillicus** » Wed Jul 14, 2010 3:33 pm

I did a bit of research but I don't know if this was the attack vector. It seems that there is a way using properly formatted HTML to essentially have the command line version of java run well, anything. Yes, it's a simplistic description, but I'm not a security expert so I don't know the full story.

Sun pretty much said it wasn't a big enough threat to patch when the exploit was brought to their attention, and will only patch it when they release their quarterly patch.

Post by **Fox_Blaze** » Wed Jul 14, 2010 4:18 pm

I have the smss.exe file, but not the loader.exe or the iexplorer.exe file in the processes tab in the task manager.

I don't know what's going on.

Post by **frostdillicus** » Wed Jul 14, 2010 4:29 pm

smss.exe is a normal windows process. As long as the version of smss.exe is in your windows\system32 directory it is legit. If you don't have the other two processes, you shouldn't have anything to worry about.

Post by **Clay Pigeon** » Wed Jul 14, 2010 4:46 pm

If this is java-based, couldn't it be used as a vector to compromise just about any system, regardless of OS?

Post by **gator** » Wed Jul 14, 2010 4:50 pm

frostdillicus wrote:I did a bit of research but I don't know if this was the attack vector. It seems that there is a way using properly formatted HTML to essentially have the command line version of java run well, anything. Yes, it's a simplistic description, but I'm not a security expert so I don't know the full story.

Sun pretty much said it wasn't a big enough threat to patch when the exploit was brought to their attention, and will only patch it when they release their quarterly patch.

Mind linking to your research?

Post by **Fox_Blaze** » Wed Jul 14, 2010 4:59 pm

frostdillicus wrote:smss.exe is a normal windows process. As long as the version of smss.exe is in your windows\system32 directory it is legit. If you don't have the other two processes, you shouldn't have anything to worry about.

oh alright. I guess I was getting a bit paranoid about it for a little bit ^^;

Post by **frostdillicus** » Wed Jul 14, 2010 5:04 pm

http://www.zdnet.com/blog/security/java ... ttack/6161
http://www.zdnet.com/blog/security/sun- ... tacks/6082
http://threatpost.com/en_us/blogs/serio ... ers-040910

Not exactly a lot of research. I just read it in passing after I saw on the Steam forums that people were saying it was a Java based attacked embedded in an advertisement. Again, I don't know if this was the attack vector used or not.

This attack seems pretty nefarious as it bypasses DEP and ASLR which are designed to keep crap like this from happening.

YouTube · Post by **Stevo** » Wed Jul 14, 2010 5:22 pm

I don't think that's the same vulnerability as this, unless people are running outdated versions of Java. There's been 2 updates (1 security patch) to Java since those articles were posted.

Post by **frostdillicus** » Wed Jul 14, 2010 5:35 pm

You're right, it probably isn't this specific exploit. However, it is a cross browser exploit as there are reports of people not using IE getting infected.

Then again, it is entirely possible it is this exploit and people are running out of date versions of Java. I know a lot of non tech savvy people who ignore the "so and so has downloaded an upgrade. Would you like to install it?" boxes as they are of the mindset, "It's working correctly at the moment. Anything I do might break it, so I'm not going to do anything."

There are still people out there running IE6 on Windows XP as their primary browser. I wouldn't put it past a lot of people to still have outdated versions of Java running around.

Post by **Darklightr** » Wed Jul 14, 2010 5:56 pm

Just out of curiosity... What is the latest version?

Post by **Dog** » Wed Jul 14, 2010 5:57 pm

3.0.410
Running on TVX and TVXV

Major code rewrites and a new gamemode...

I like to test it first before making a commit...

Games Played

Ville Awards

Games Played

Ville Awards

Games Played

Ville Awards

Games Played

Ville Awards

Games Played

Ville Awards

Games Played

Ville Awards

Games Played

Ville Awards

Games Played

Ville Awards

Games Played

Ville Awards

Games Played

Ville Awards

Games Played

Ville Awards

Games Played

Ville Awards

Games Played

Ville Awards

Games Played

Games Played

Ville Awards

Who is online