FYI: Were you online between 12/31/13 and 1/3/14? Your PC may be infected.
If you used your computer, especially if you visited Yahoo (including webmail users who logged in to the mail website to check their email) between December 31 and January 3, there is a chance your computer is infected. The “drive by download” infected an estimated 27,000 users per hour. The exploit attacked a vulnerability in Java. Most users have Java enabled on their computers.
An advertisement on Yahoo’s web site contained the malware. Yahoo removed the ad as soon as they were aware of the problem. The question to ask yourself is, “how many other sites contain malware?”
Striving to provide short newsletters is always a priority here, but in this case you may want to know more:
Having patches in place is always important. Please see: Single Biggest Way to Repel IT Attacks
Unfortunately, patches won’t help against zero-day attacks. Zero-day (also known as 0-day or “oh-day”) attacks exploit problems against which even the latest patch doesn’t protect.
A decision that would have stopped this attack from affecting you: Consider asking your IT department to disable Java on your network.
Your IT Pros may give you push-back on your request since, if your users constantly visit sites that utilize Java, IT Pros may get inundated with user complaints that some websites don’t work as expected. Notify your users ahead of time that you, as the executive, requested that IT implement this change.
Recently, when conducting an IT Vital Systems Review visit, I suggested to an IT Professional that he disable Java, and his initial response was, “No way. I might as well disable their ability to use the Internet entirely since almost all websites use Java!” As a result of the conversation that followed, he now knows that disabling Java won’t devastate users as much as he feared. But did he disable Java? No. His executives delegated decision making to him and that delegation “isn’t necessarily a bad thing.”
Even if this was brought to attention in the past, then an Executive, may decide to accept the risk of using Java. There are many risks and one of the big deliverables of partnering with an outside firm on security is that they can help your IT pros choose the best protection that costs the least money and doesn’t interfere with the user experience.
If you want to completely disable Java all by yourself on your own home computers, here are instructions: How do I Disable Java? Some of the instructions are out of date if you are using the latest browsers and OS (and I hope you are using the latest). Most of the errors related to only the first instruction about where you can find the settings:
-For Internet Explorer, depending on your configuration, you may find that the “Java Control Panel” is now called “Configure Java.”
-In Firefox, choose Tools > Add-ons.
-In Chrome, you access the Chrome menu by clicking on the icon that shows a stack of three horizontal bars. The icon is usually to the far right of the URL address bar.
Then follow the rest of the instructions.
In this attack, Windows Phones and Apple computers are not affected. If you run Windows on a Mac computer, you are still susceptible to the infection. Keep in mind that moving to Mac isn’t a panacea, and moving to a Mac may have consequences related to the interoperability with Windows machines at your office.
Additionally, it seems that European companies were the primary targets. That doesn’t “put you in the clear” and keep in mind that “visiting other sites besides Yahoo” isn’t safe either.
Yahoo is an example of a company that became aware of the problem. Many companies aren’t aware that their sites contain active infections.
There are other protections against these problems including:
-Content restrictions in browsers (we’ll deal with this next week)
-Using browsers only inside of virtual machines that reset each time you launch the virtual machine (complicates the user experience)
-Using application whitelisting Is Anti-Virus Obsolete?
-And more – and no protection is the cure-all.
Please post your comments below…