Use this to stop the Java 0day


There’s a nasty Java zero-day going about. You can see how it is spreading here. There is no known antidote, so CERT is advising you to disable Java.

I ran what I believe to be this attack in Bromium vSentry, which protects my PC using hardware isolation. This particular nasty is still active at the URL: s c h o o l m e n u  com.

Below I have pasted the SHA1 and MD5 signatures for the payload of this attack. You can use these in your traditional firewalls / IPSs to block it.

Stay safe

Payload details:

