Java vulnerability exploited in Firefox
Yesterday I was up from 23:00 to 03:00 in the morning before shutting down, and only today did I manage to definitively resolve the infection that exploited the Java vulnerability in Firefox (Figure 1), even though I am already on version 11.
I noticed that when I entered the website of a legitimate software company, the Java icon appeared and a fake antivirus was installed that does not let me open the command prompt, Task Manager, or other applications.
Additionally, it disabled McAfee and did not allow access to update the DAT, since it had disabled the policies and the services, as shown in the NAP Manager connection to my corporate network (Figure 2).
And the worst part is that McAfee saw the trojan (Figure 1) only after I manually ran the DAT update (Daily DAT Update), when I had already found the virus in safe mode: a file named VWTFRZIUZ.exe in the TEMP directory within the user’s profile.
The reason is that installing JRE 6.0.31 does not update Firefox, which continues with the old version (Figure 3), because the JRE 6.0.31 installer doesn’t remove JRE 6.0.30, which is vulnerable, and with the two installed the vulnerability remains active (Figure 4).
I recommend you do what I had to do after already being infected:
- Check which JRE Firefox is using
- If it is earlier than JRE 6.0.31, manually remove that JRE through the Windows Control Panel
- Install JRE 6.0.31 from this link if you need Java: http://java.com/en/download/inc/windows_new_xpi.jsp
- Disable the Java plugin in browsers and enable it only for the sites that really need it
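
One way to run the first two checks on a Windows machine, as an added example that is not part of the original post: it lists every JRE registered under the JavaSoft registry keys (32-bit and 64-bit views) and flags any older than 6.0.31, so a leftover 6.0.30 beside a newer install stands out. It assumes the post's "6.0.31" is the build the registry records as `1.6.0_31`; the function name is hypothetical.

```powershell
# Added example, not from the original post.
# Assumption: the post's "JRE 6.0.31" is recorded in the registry as 1.6.0_31.
$Minimum = '1.6.0_31'

function ConvertTo-JreVersion([string]$Name) {
    # "1.6.0_30" -> [version] 1.6.0.30; alias keys such as "1.6" return $null
    if ($Name -match '^(\d+)\.(\d+)\.(\d+)(?:_(\d+))?$') {
        $update = if ($Matches[4]) { $Matches[4] } else { '0' }
        return [version]('{0}.{1}.{2}.{3}' -f $Matches[1], $Matches[2], $Matches[3], $update)
    }
    return $null
}

# Native view plus the 32-bit view on 64-bit Windows (browser plugins were often 32-bit).
$roots = 'HKLM:\SOFTWARE\JavaSoft\Java Runtime Environment',
         'HKLM:\SOFTWARE\Wow6432Node\JavaSoft\Java Runtime Environment'
$minVersion = ConvertTo-JreVersion $Minimum

$found = @(foreach ($root in $roots) {
    if (-not (Test-Path $root)) { continue }
    foreach ($key in Get-ChildItem $root) {
        $ver = ConvertTo-JreVersion $key.PSChildName
        if (-not $ver) { continue }          # skip family aliases like "1.6"
        [pscustomobject]@{
            Version  = $key.PSChildName
            Outdated = $ver -lt $minVersion
            JavaHome = (Get-ItemProperty $key.PSPath).JavaHome
            Registry = $root
        }
    }
})

$found | Sort-Object Version | Format-Table Version, Outdated, JavaHome -AutoSize

$old = @($found | Where-Object { $_.Outdated })
if ($old.Count -gt 0 -and $found.Count -gt $old.Count) {
    # The situation in Figure 4: a fixed JRE installed, an older one still present.
    Write-Warning ("Older JRE still installed beside a newer one: " +
                   (($old | ForEach-Object { $_.Version }) -join ', '))
} elseif ($old.Count -gt 0) {
    Write-Warning "Only outdated JREs are installed: $(($old | ForEach-Object { $_.Version }) -join ', ')"
}
```

The registry shows what is installed, not which plugin the browser loaded, so the version Firefox reports in its plugin list still needs to be checked after removing the old entry.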
Figure 1 – Trojan installed using the vulnerability in JRE 6.0.1
Figure 2 – Antivirus disabled by trojan
Figure 3 – Firefox’s warning that JRE 6.0.3 was still installed
Figure 4 – Coexistence of JREs; 6.0.3 is the vulnerable one