Java Zero Day Attack and it affects Linux...

This comes from our guest host Greg Martin on Google+:

Java 0-day being exploited in the wild. There have been confirmed infections on Windows-based computers but it's possible to compromise a Mac or Linux system as well. Currently the only recommendation for mitigation is to completely disable Java.

Links for thought:

Ars Technica article: http://arstechnica.com/security/2012/08/critical-java-exploit-spreads/

In-depth breakdown of the exploit (technical with mildly poor English): http://immunityproducts.blogspot.com.ar/2012/08/java-0day-analysis-cve-2012-4681.html

Proof-of-concept for the exploit (actual source code): http://pastie.org/pastes/4594319/text

There are also some claims that Oracle have known about the vulnerabilities for some time. https://www.pcworld.com/businesscenter/article/261612/oracle_knew_about_currently_exploited_java_vulnerabilities_for_months_researcher_says.html

I'm currently testing this out on my system (Linux) to see if I can get it to work.

 

Brian Wagner

Brian started working with *nix while a student at Kent State University in the early 90's. In 1995, as an E-Mail Administrator for Caliber Technology (now part of FedEx), he was tasked with administering Sendmail on both Slackware Linux and Solaris systems. His first home install of Linux was MkLinux DR1 in 1996 on his 60 MHz PowerMac. Since then Brian has been working and consulting on Linux and its uses in the enterprise to support everything from E-Mail, firewalls, web and file serving to custom cluster and grid solutions. Brian has had the opportunity to work in both Fortune 500 companies and small two-person organizations. This has given him unique insight into the different challenges every size of business faces.

TrendMicro reports Virus attack targeted at Routers...

TrendMicro is reporting that they have uncovered a virus targeting D-Link routers, which are Linux-based. Once infected, the router starts listening on IRC for botnet commands and can also start brute-force attacking the username and password combinations it finds on the router. They are still looking into what else the code may do. They are identifying it as ELF_TSUNAMI.R and will be posting updates as they have them. There is no mention of whether D-Link has posted an update to address the issue. Since D-Link and TrendMicro are partners, the solution may already be in place. This is identified as Low Risk, High Damage Potential and Low threat for being spread.
Are you running Antivirus software on your Linux machines?

Brian Wagner
