Malicious Java app infects Mac, Linux systems with DDoS bot

“Criminals are once again using Java’s cross-platform design to add Linux and Mac users to their usual Windows target list, Kaspersky Labs researchers have discovered,” John E Dunn reports for PCWorld.

“The malicious Java application recently unearthed by the firm, HEUR:Backdoor.Java.Agent.a, is only the latest example of the opportunistic trend to use the huge potential of Java to get a malware three-for-one in the cause of turning systems into Distributed Denial of Service bots,” Dunn reports. “Once on the target system after hitting Java flaw CVE-2013-2465 (SE 7 Update 21 and earlier), patched last June, the malware sets up its command and control using IRC. According to Kaspersky, one of the targets on the receiving end of a DDoS attack might be an unnamed bulk email service.”

Dunn reports, “The cross-platform tactic isn’t new and in truth it’s hard to know whether the criminals behind it are more interested in attacking Linux and Macs or simply targeting Java’s numerous vulnerabilities on the greatest number of systems.”
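The article's one concrete behavioural detail is that the backdoor takes its commands over IRC. A quick hunt for that on a Mac or Linux box, as an added example that is not from the article or from Kaspersky: parse the output of `lsof -i -nP` and flag any `java` process holding an established connection to a port IRC servers commonly use. The sample output is constructed, the port list and the process-name check are assumptions (a bot can speak IRC on any port, and a JVM need not be called `java`), and a hit is a lead to look at, not proof of infection.

```python
"""Flag JVM processes with outbound connections to IRC-style ports.

Added example, not code from the article or Kaspersky. Sample records are
constructed; the port list is an assumption (IRC has no single fixed port).
"""
import re

# Assumed: ports IRC servers commonly listen on. A bot can use any port,
# so a miss means "nothing obvious", not "clean".
IRC_PORTS = {6660, 6661, 6662, 6663, 6664, 6665, 6666, 6667, 6668, 6669, 6697, 7000}

# One `lsof -i -nP` data line: COMMAND PID USER FD TYPE DEVICE SIZE/OFF NODE NAME
LSOF_LINE = re.compile(
    r"^(?P<cmd>\S+)\s+(?P<pid>\d+)\s+(?P<user>\S+)\s+\S+\s+IPv[46]\s+\S+\s+\S+\s+TCP\s+"
    r"(?P<laddr>\S+):(?P<lport>\d+)->(?P<raddr>\S+):(?P<rport>\d+)\s+\(ESTABLISHED\)$"
)


def parse_lsof(text):
    """Yield one dict per established TCP connection in `lsof -i -nP` output."""
    for line in text.splitlines():
        m = LSOF_LINE.match(line.strip())
        if m:
            rec = m.groupdict()
            rec["pid"] = int(rec["pid"])
            rec["rport"] = int(rec["rport"])
            yield rec


def suspicious_java_connections(text, irc_ports=IRC_PORTS):
    """Return (pid, command, remote) for java processes connected to an IRC port."""
    hits = []
    for rec in parse_lsof(text):
        if rec["cmd"].lower().startswith("java") and rec["rport"] in irc_ports:
            hits.append((rec["pid"], rec["cmd"], f'{rec["raddr"]}:{rec["rport"]}'))
    return hits


# Constructed sample output; addresses are from the RFC 5737 documentation ranges.
SAMPLE_LSOF = """\
COMMAND     PID  USER   FD   TYPE             DEVICE SIZE/OFF NODE NAME
firefox    1203  alice   45u  IPv4 0x1a2b3c4d5e6f7081      0t0  TCP 192.0.2.10:51234->198.51.100.7:443 (ESTABLISHED)
java       2217  alice   12u  IPv6 0x1a2b3c4d5e6f7082      0t0  TCP 192.0.2.10:51240->203.0.113.9:6667 (ESTABLISHED)
java       2217  alice   13u  IPv4 0x1a2b3c4d5e6f7083      0t0  TCP 192.0.2.10:51241->198.51.100.20:443 (ESTABLISHED)
irssi      3310  alice    5u  IPv4 0x1a2b3c4d5e6f7084      0t0  TCP 192.0.2.10:51300->203.0.113.9:6697 (ESTABLISHED)
"""

if __name__ == "__main__":
    # On a real host: lsof -i -nP | python3 this_script.py, reading sys.stdin instead.
    for pid, cmd, remote in suspicious_java_connections(SAMPLE_LSOF):
        print(f"investigate: pid={pid} cmd={cmd} remote={remote}")
```

In the sample, the IRC client `irssi` talking to 6697 is expected and ignored; the `java` process talking to 6667 is the one to look at, and its second connection to 443 shows why the rule keys on the port rather than on the process alone.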

Read more in the full article here.

[Thanks to MacDailyNews Reader “Fred Mertz” for the heads up.]

22 Comments

  1. I have 1 app that is irreplaceable and requires java, I use netbeans every now and then too.

    # Enable Java
    sudo chmod 755 /System/Library/Java/JavaVirtualMachines/
    # Disable Java
    sudo chmod 000 /System/Library/Java/JavaVirtualMachines/

    All in all, java is a disgusting abomination that is the scourge of the web, shame people still use it. Not sure why python hasn’t killed it yet

    1. Keep in mind that if you’re NOT running Java in a web browser, you’re not going to run into most of the Java exploits. It’s the crap Oracle Java Internet plug-in that’s most dangerous and worth trashing.

      As for non-web Java applications, you’re probably fine! Just be certain you have verified the source of the software is safe.

      Don’t ever run any ‘mystery’ Java software or you’re asking for trouble. Oracle has destroyed Java sandboxing and I doubt it will ever be fixed.

  2. I was just on a humor photo website yesterday when a pop up window appeared (twice) informing me of a Java update. I ignored them and closed them both times, but I found out a little bit later that the site had done some redesign… so I thought it was possible it was legit notice. Now I’m not so sure.

    1. Oracle has a FAQ page about Java for Mac:

      http://www.java.com/en/download/faq/java_mac.xml

      Why will Applets not run after getting Java through Apple Software Update?
      Apple disables the Java plug-in and Webstart applications when the Java update is done using Software Update. Also, if the Java plug-in detects that no applets have been run for an extended period of time it will again disable the Java plug-in.

      As per Apple’s recent crap documentation team, (and yes, I’ve ranted at Apple about this many times), they have NOT provided any single coherent document about what they’ve done with the Java in recent versions of Safari. (If someone finds such a document, please link it here!) Instead, there is a scattered set of sort-of relevant documents at their website. I’ll link some below.

  3. Saw this on the discussion group attached to the article. Hope it helps. From Marcus77

    “What is the purpose of this piece?

    Is the purpose to warn the public of a significant malevolent Java threat, or is it something else?

    Is the purpose of the article to highlight those platforms affected, or is an attempt at something else?

    Java does not run as root on a well-formed GNU/Linux system, if Java runs on a GNU/Linux system at all. (Same goes for Macs too.)

    Java cannot do the types of things suggested by this article unless it's running as root, and unless it has not been patched.

    Microsoft products are the only products that allow incoming scripts to run by default (maybe just because they are named correctly). Macs and GNU/Linux do not suffer from this kind of insanity.

    Is the point of the article (and all similar) to implicate Macs and GNU/Linux in an all-too-common scenario of malware attacking Microsoft OS again…?

    This scenario is not showing up in the wild on GNU/Linux distros nor Macs. So, what is the point of the article?

    Cheers”

  4. The gang of Mac security writers and researchers I belong to went over this ‘malware’ and came to this conclusion, so far:

    “HEUR:Backdoor.Java.Agent.a” is a GENERIC name used to describe something the heuristics engine of the anti-malware app found while running. It does NOT represent actual software/malware. As far as we can tell, there is no specific software/malware implicated. IOW: This may be merely a misidentification error. If we see this ‘malware’ given an actual name, then we’ll know it’s more than vaporware.

    Meanwhile: If you’re using an old version of Java, for whatever reason, and your computer is connected to the Internet, you’re crazy.

    Java is the single most dangerous software Mac users can install and run on their machines. Just Say No To Java.

    But if you’re forced to use Java, be certain it is as up-to-date as possible. Here is where you check:

    http://www.java.com/en/download/mac_download.jsp

    If you have Java installed and you’d like to disable the dangerous Internet plug-in, here is where to find it so you can trash it:

    /Library/Internet Plug-Ins/JavaAppletPlugin.plugin

    And keep in mind that Apple’s most recent versions of Safari prevent anything Java from loading until you, the user, approve it running. IOW: No more drive-by Java malware infections. Firefox also disables the Java plug-in entirely by default. You have to personally activate it to use it. So don’t activate it.
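Comment 4's advice is to keep Java current and to know where the Oracle plug-in lives, and the article puts the affected range for CVE-2013-2465 at Java SE 7 Update 21 and earlier. The following added example (mine, not the commenters', Oracle's or Apple's) parses the banner that `java -version` prints, classifies it against that range, and reports which of the Mac paths named in comments 1 and 4 are present. Assumptions: the banner formats shown are the two Java has used (`1.7.0_21` style through Java 8, `11.0.2` style from Java 9), releases older than Java 7 are simply reported as obsolete because the article says nothing about them, and the sample banners are constructed.

```python
"""Classify an installed Java against the CVE-2013-2465 range the article names.

Added example, not from the article, the commenters or Oracle. The article
says Java SE 7 Update 21 and earlier is affected; anything older than Java 7
is reported as "obsolete" (assumption: out of date regardless). Sample
banners are constructed.
"""
import os
import re
import subprocess

# Matches both the legacy "1.7.0_21" scheme and the Java 9+ "11.0.2" scheme.
VERSION_RE = re.compile(
    r'version "(?P<major>\d+)\.(?P<minor>\d+)\.(?P<patch>\d+)(?:_(?P<update>\d+))?'
)

# Paths named in comments 1 and 4 (assumption: the Apple-shipped JVM directory
# and Oracle's browser plug-in; an Oracle JDK installs elsewhere).
MAC_JAVA_PATHS = [
    "/System/Library/Java/JavaVirtualMachines/",
    "/Library/Internet Plug-Ins/JavaAppletPlugin.plugin",
]


def parse_java_version(banner):
    """Return (family, update) from a `java -version` banner, or None.

    'java version "1.7.0_21"' -> (7, 21); 'openjdk version "11.0.2"' -> (11, 0).
    """
    m = VERSION_RE.search(banner)
    if not m:
        return None
    major, minor = int(m.group("major")), int(m.group("minor"))
    update = int(m.group("update") or 0)
    if major == 1:              # legacy scheme: family is the second number
        return (minor, update)
    return (major, update)      # Java 9+: family is the first number


def cve_2013_2465_status(banner):
    """'affected' for 7u21 and earlier, 'patched' for later 7 or newer families,
    'obsolete' for families before 7 (assumption), None if the banner is unreadable."""
    parsed = parse_java_version(banner)
    if parsed is None:
        return None
    family, update = parsed
    if family < 7:
        return "obsolete"
    if family == 7 and update <= 21:
        return "affected"
    return "patched"


def installed_java_status(java="java"):
    """Run `java -version` (it prints its banner on stderr) and classify it.
    Returns None when no such binary exists or it does not answer."""
    try:
        out = subprocess.run([java, "-version"], capture_output=True, text=True, timeout=10)
    except (FileNotFoundError, subprocess.TimeoutExpired):
        return None
    return cve_2013_2465_status(out.stderr + out.stdout)


def present_mac_java_paths(paths=MAC_JAVA_PATHS):
    """Return which of the known Mac Java locations exist on this machine."""
    return [p for p in paths if os.path.exists(p)]


# Constructed banners and the classification each should get.
SAMPLES = {
    'java version "1.7.0_21"\nJava(TM) SE Runtime Environment (build 1.7.0_21-b12)': "affected",
    'java version "1.7.0_45"': "patched",
    'java version "1.6.0_51"': "obsolete",
    'openjdk version "11.0.2" 2019-01-15': "patched",
    "bash: java: command not found": None,
}

if __name__ == "__main__":
    for banner, expected in SAMPLES.items():
        print(f"{banner.splitlines()[0]!r:60} -> {cve_2013_2465_status(banner)} (expected {expected})")
    print("installed java:", installed_java_status())
    print("mac java paths present:", present_mac_java_paths())
```

A status of "patched" only says the runtime is past the range the article names; it says nothing about the browser plug-in being enabled, which is the piece comment 4 recommends trashing.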

  5. Mac OS X 10.9.1 Safari 7.0.1

    Open Safari Preferences > Internet Plug-ins > Manage Website Settings.

    Select “questionable app.” and tell what actions to perform on what websites (Allow, Block, etc.)

    Assuming it works as depicted, very simple.
