0 Replies Latest reply on Apr 26, 2011 1:20 PM by cmusil

    Java applet threats

      I am running Windows 7 Home Premium 64-bit version with Internet Explorer 8 and automatic updates and user access control enabled. On 4/22, a manual full scan by McAfee Security Center found Downloader-BCS in:

      C:\Users\Root\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\41\4020c329-42881d45

      Subsequently, a manual full scan by Microsoft Safety Scanner also found TrojanDownloader:Java/OpenConnection.HH in

      C:\Users\Christian\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\47\101ce06f-29fa12b7->cpak/Crimepack.class

      as well as Exploit:Java/CVE-2010-0840.AJ in

      C:\Users\Christian\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\27\2c8be69b-49027819->am/hodar.class.

      Since the last clean full scan by McAfee Security Center on 4/14, no unusual requests for downloading or running executable files were made nor were any new programs explicitly given Internet access. My version of Java is 6 Update 24 with security set to “Show sandbox warning banner” and mixed code set to “Enable – show warning if needed”.

       

      All of these infections were found in the Java deployment cache. My questions are:

      1. How did these malicious Java applets get through the run-time scanner and into the cache in the first place?
      2. Do all three instances exploit the same vulnerability in the Java runtime environment? If so, then is my version invulnerable to these attacks? If not, then how likely is exploitation?
      3. Is there any way to check if a successful exploitation by any of these Trojan downloaders did occur, i.e. through Java’s log files or through McAfee Firewall’s log files or program permission entries?
      4. If a malicious download did occur, then wouldn’t the file have been quarantined anyway by the run-time scanner? If the file was downloaded and executed, then wouldn’t McAfee firewall alert the user of an unauthorized request to access the Internet?
      5. The risk assessment for “Downloader-BCS” is low. Does this mean that a successful exploit of this and the other malicious applets could only have occurred through a computer on the local network (see http://www.mcafee.com/us/mcafee-labs/resources/vulnerability-assessment.aspx)?
      6. After removal of these three infections, full scans by “McAfee Security Center”, “Malwarebytes Anti-Malware”, “Microsoft Malicious Software Removal Tool”, “Microsoft Safety Scanner”, and “Microsoft Security Essentials” revealed no further problems. Am I truly safe?

       

      Thank you very much in advance for any assistance in assessing the threat to my computer from these infections.