And then phone home with the loot. netstat for odd outgoing connections.

From: Ziots, Edward [mailto:[email protected]]
Sent: Friday, September 07, 2012 11:33 AM
To: NT System Admin Issues
Subject: RE: Java vulnerability Q

Most times it's a keylogger or other malicious code, downloaded from multiple sources, that will hook processes, inject into other (legit) processes and try to remain persistent. If you can disable Java invocation in the Internet Zone, that will stop the drive-bys for the time being.

Z

Edward E. Ziots, CISSP, Security+, Network+
Security Engineer
Lifespan Organization
[email protected]

From: Kennedy, Jim [mailto:[email protected]]
Sent: Friday, September 07, 2012 11:14 AM
To: NT System Admin Issues
Subject: RE: Java vulnerability Q

The exploit is used to drop code on the target. That is how most of the exploits that you hear about are used. It isn't that I use Java to get your password... I use Java to drop a keylogger on your box to get your password, for example. So you are looking for what they dropped.

From: David Lum [mailto:[email protected]]
Sent: Friday, September 07, 2012 11:09 AM
To: NT System Admin Issues
Subject: Java vulnerability Q

If a system has been compromised by the latest Java exploit, how would someone know? What would you look for?

David Lum
Systems Engineer // NWEA™
Office 503.548.5229 // Cell (voice/text) 503.267.9764

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~
---
To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/
or send an email to [email protected] with the body: unsubscribe ntsysadmin
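As an added example that is not part of the thread, here is a PowerShell triage script following the advice above: check whether Java is disabled for the Internet Zone, list established outbound connections with their owning process (the netstat step), and pick out the processes a responder would look at first. The 1C00 zone value, the temp/Downloads path heuristic and the java/javaw name check are my assumptions, not something the thread states.

```powershell
# Added example, not code from the thread. Triage a Windows host along the lines of
# the advice above. Assumptions (mine): the 1C00 zone value, the drop-directory
# heuristic and the java/javaw name check; tune them to your environment.

# 1. Internet Zone (zone 3) "Java permissions": DWORD 1C00, where 0 = "Disable Java".
#    Only the current user's hive is checked; a GPO may also set it under HKLM.
$zoneKey  = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3'
$javaPerm = (Get-ItemProperty -Path $zoneKey -Name '1C00' -ErrorAction SilentlyContinue).'1C00'
if ($null -eq $javaPerm) { 'Internet Zone: 1C00 not set (Java not explicitly disabled)' }
elseif ($javaPerm -eq 0) { 'Internet Zone: Java disabled' }
else { "Internet Zone: Java permissions value = $javaPerm (Java NOT disabled)" }

# 2. Established TCP connections with owning process and image path. 'netstat -ano'
#    is parsed instead of Get-NetTCPConnection so this also runs on Windows 7 era hosts.
$conns = netstat -ano | ForEach-Object {
    if ($_ -match '^\s*TCP\s+(\S+)\s+(\S+):(\d+)\s+ESTABLISHED\s+(\d+)\s*$') {
        $procId = [int]$Matches[4]
        $proc   = Get-Process -Id $procId -ErrorAction SilentlyContinue
        $name   = 'unknown'
        $path   = ''
        if ($proc) {
            $name = $proc.ProcessName
            # Path can throw for protected/system processes; treat that as unknown.
            try { $path = [string]$proc.Path } catch { $path = '' }
        }
        [pscustomobject]@{
            Process = $name
            PID     = $procId
            Local   = $Matches[1]
            Remote  = $Matches[2]
            Port    = [int]$Matches[3]
            Path    = $path
        }
    }
}

# 3. Starting points for a responder, not a verdict: java/javaw holding its own
#    outbound connection, and any connected process whose image sits in a
#    user-writable drop location (heuristic; expect some legitimate hits).
$dropDirs = '\\(Temp|Downloads)\\'
$suspect  = $conns | Where-Object {
    $_.Process -match '^javaw?$' -or ($_.Path -and $_.Path -match $dropDirs)
}

'--- all established connections ---'
$conns   | Sort-Object Process | Format-Table Process, PID, Remote, Port, Path -AutoSize
'--- look at these first ---'
$suspect | Format-Table Process, PID, Remote, Port, Path -AutoSize
```

Run it in an elevated session so Get-Process can resolve image paths for other users' processes; compare the remote addresses against what the host is expected to talk to, and pull the flagged binaries for analysis rather than trusting their names.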
