Friday, February 6, 2009

Fun With Vundo: Checking Your Java Version

I've been receiving an increasing number of calls about Vundo-infected systems. Vundo is an adware trojan with a nasty habit of infecting machines with downlevel Java versions. As is often the case, many users either ignore the Java auto-updater or are unaware that Java needs to be updated.

A quick and easy way to check is to visit the Java Tester at http://www.javatester.org/version.html. Your users need to be running a version higher than 1.5.0.7 (also known as version 5.0 release 7).

Java versions can also be checked from the Control Panel by opening the Java panel.

Finally, users can also check each browser individually by manually checking their plugins.

  • Firefox can be checked by going to Tools -> Add-ons -> Plugins.
  • Internet Explorer is uglier - Tools -> Manage Add-Ons will leave you with a list that may include multiple Java versions.
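
Since a machine can carry several Java versions side by side, the following PowerShell sketch lists every registered JRE and flags any that is not above the 1.5.0.7 threshold. It is an added example, not part of the original post, and it assumes the JREs were installed by the standard Sun installer, which records them under the JavaSoft registry keys; the function name ConvertTo-JavaVersion is made up for this illustration.

```powershell
# Added example: audit installed JREs against the threshold named in the post.
$threshold = [version]'1.5.0.7'   # "1.5.0.7", i.e. 5.0 release 7

# Registry locations written by the standard Sun installer (assumption: JREs
# were installed that way). The second path is the 32-bit view on 64-bit Windows.
$roots = @(
    'HKLM:\SOFTWARE\JavaSoft\Java Runtime Environment',
    'HKLM:\SOFTWARE\Wow6432Node\JavaSoft\Java Runtime Environment'
)

function ConvertTo-JavaVersion {
    param([string]$Name)
    # Full key names look like "1.5.0_07"; family keys such as "1.5" are skipped.
    if ($Name -match '^(\d+)\.(\d+)\.(\d+)(?:_(\d+))?') {
        $update = 0
        if ($Matches[4]) { $update = [int]$Matches[4] }
        return [version]('{0}.{1}.{2}.{3}' -f [int]$Matches[1], [int]$Matches[2], [int]$Matches[3], $update)
    }
    return $null
}

$found = foreach ($root in $roots) {
    if (-not (Test-Path $root)) { continue }
    foreach ($key in Get-ChildItem $root) {
        $ver = ConvertTo-JavaVersion $key.PSChildName
        if ($null -eq $ver) { continue }
        # The post asks for a version *higher than* 1.5.0.7, so equal is flagged too.
        $status = 'ok'
        if ($ver -le $threshold) { $status = 'UPDATE' }
        New-Object PSObject -Property @{
            Version  = $key.PSChildName
            Status   = $status
            JavaHome = (Get-ItemProperty $key.PSPath).JavaHome
        }
    }
}

if ($found) {
    $found | Sort-Object Version | Format-Table Version, Status, JavaHome -AutoSize
} else {
    Write-Output 'No JRE entries found under the JavaSoft registry keys.'
}
```

This reports what is installed, not which plugin each browser has enabled, so the per-browser checks above still apply.
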

Vundo has made its way into various ad networks, and users who normally browse relatively safely have been infected via their out-of-date Java versions. A typical infection includes:
  • Popup ads
  • Desktop background changes
  • Screensaver changes
  • Windows updates may be disabled
  • Anti-malware and other security programs may be deleted or disabled

Removal can typically be handled by a combination of Malwarebytes and bootable AV such as Avast's BART CD.
