5 Replies Latest reply on Aug 8, 2013 9:21 PM by Hayton

    Please...What is RDN/Generic Exploit!1nj?

    Danii

      Hi Folks, this thing keeps coming up on each successive scan, in 3 separate files. I also use Super-antispyware-pro version and that doesn't detect this.

       

      What is it and should I be concerned?

       

      Is this dangerous for me to be doing things like online banking?

       

      Thanks very much for reply.

        • 1. Re: Please...What is RDN/Generic Exploit!1nj?
          Hayton

          It's a Java exploit, CVE-2013-0422. Seen in .jar files submitted to VirusTotal.

           

          Microsoft's explanation is the best one, I think :

          http://www.microsoft.com/security/portal/threat/encyclopedia/Entry.aspx?Name=Exploit%3AJava%2FCVE-2013-0422

           

          Better check which version of Java you've got, and either update it or uninstall it if you don't need it.

           

          If you visit a website containing the malicious code while using a vulnerable version of Java, the exploit is loaded. Note, however, that a number of legitimate websites could be compromised or unwillingly host a malicious applet through advertising frames which could redirect to or host a malicious Java applet.

           

          If you use online banking you ought to assume someone's been looking over your shoulder and stealing login details, passwords and possibly money. The actual damage depends on what if anything this exploit was able to do - it allows a hacker to download other malware, but there's no telling what that might be.

          • 2. Re: Please...What is RDN/Generic Exploit!1nj?
            Danii

            I have completely (I think) removed Java from my machine.

             

            Thank you for the detailed answer. I would like to hear anyone else's opinion as well.

             

            Once Java is removed am I safe from this?

             

            I don't have any indications of being hacked anywhere in my presence on the web. Obviously the Bank of America account is the number one worry.

             

            Also when my McAfee scan was completed today, before I removed the Java, I clicked on the 3 "Issues" individually in the report and the McAfee page came up and said low risk for home and corporate to all of them.....why is that?

             

            Message was edited by: Danii on 8/8/13 5:28:34 PM CDT
            • 3. Re: Please...What is RDN/Generic Exploit!1nj?
              Hayton

              Danii wrote:

               

              Once Java is removed am I safe from this?

               

              If you've uninstalled Java from your system you may still be vulnerable in your browsers. Check each browser for extensions, add-ons and plug-ins, and disable anything Java-related.

               

               

              I clicked on the 3 "Issues" individually in the report and the McAfee page came up and said low risk for home and corporate to all of them.....why is that?

               

              Presumably because this Java exploit is only the initial stage of the infection process. It prepares the way for the downloading of other programs, which are the ones which would cause the damage. If you're lucky those downloads were blocked by McAfee, but it's always safer not to assume that you're unscathed. Keep your fingers crossed though, if nothing else gets detected you may be okay.

              • 4. Re: Please...What is RDN/Generic Exploit!1nj?
                Danii

                Thank you. One last question: I use Firefox exclusively, and I have disabled the Java plug-in; that was easy.

                 

                Because I have Windows Mail ....Internet Explorer is on my machine as apparently Mail uses some of the same stuff IE does.

                 

                I have never even clicked on Internet Explorer.

                 

                Might there be some trace of Java in IE?? Even if never used?

                • 5. Re: Please...What is RDN/Generic Exploit!1nj?
                  Hayton

                  Danii wrote:

                   

                  Internet Explorer is on my machine as apparently Mail uses some of the same stuff IE does.

                   

                  I have never even clicked on Internet Explorer.

                   

                  Might there be some trace of Java in IE?? Even if never used?

                   

                  If you have Windows, you have IE. McAfee uses Internet Explorer's settings for its displays. And if an attacker can insert an add-on into IE, even if you don't use it, you could still be vulnerable as a result. So check IE as well and see what add-ons it's got.

                   

                  Removing Java completely from IE is tricky. Microsoft published an automated fix to do this which involved extensive modifications to the browser and to the registry. I had a link to it somewhere once, not sure I can find it again now.