How do you know your computer was infected with Java zero day exploit?

clukas
Jan 17, 2013, 10:47 AM
With all the latest scares and tips on how to protect yourself against the evil Java zero day exploit, I have not found any information or tutorials on how to check whether your Mac has been compromised.

I am using Sophos antivirus for Mac, and completed a recent scan with everything coming back clean, but how can you actually be sure that a Mac is not compromised through the Java exploit?



GGJstudios
Jan 17, 2013, 02:36 PM
With all the latest scares and tips on how to protect yourself against the evil Java zero day exploit, I have not found any information or tutorials on how to check whether your Mac has been compromised.
There is no specific exploit called "zero day exploit". A Zero day virus or attack or exploit refers to a previously unknown computer malware or exploit. No app can protect against a zero day exploit or malware, because they don't know what to look for.

I am using Sophos antivirus for Mac, and completed a recent scan with everything coming back clean, but how can you actually be sure that a Mac is not compromised through the Java exploit?
I recommend avoiding Sophos, as it can actually increase a Mac's vulnerability, as described here (http://forums.macrumors.com/showpost.php?p=11570070&postcount=31) and here (http://forums.macrumors.com/showpost.php?p=12029337&postcount=41). 3rd party antivirus apps are not needed to keep a Mac malware-free, as long as the user practices safe computing, as described in the following link (includes avoidance of Java-based attacks).
Mac Virus/Malware FAQ (http://guides.macrumors.com/Mac_Virus/Malware_FAQ)
If anyone insists on running antivirus for some reason, ClamXav (http://www.clamxav.com/) (which is free) is one of the best choices, since it isn't a resource hog, detects both Mac and Windows malware and doesn't run with elevated privileges.

Weaselboy
Jan 17, 2013, 03:12 PM
With all the latest scares and tips on how to protect yourself against the evil Java zero day exploit, I have not found any information or tutorials on how to check whether your Mac has been compromised.

I am using Sophos antivirus for Mac, and completed a recent scan with everything coming back clean, but how can you actually be sure that a Mac is not compromised through the Java exploit?

It sounds like you are referring to this new malware (http://reviews.cnet.com/8301-13727_7-57563567-263/new-malware-exploiting-java-7-in-windows-and-unix-systems/) called Mal/JavaJar-B. There aren't any reports of it hitting OS X systems yet, so you are probably okay.

It looks like Sophos already updated their scanner with this malware signature, so if you have updated Sophos and done a scan, you are in good shape.

munkery
Jan 19, 2013, 04:59 PM
No Mac OS X payload is associated with this Java exploit so there is no need to worry about being infected.

clukas
Jan 19, 2013, 08:14 PM
Thanks for the responses. Whilst I do know that there is no virus called zero day exploit itself, I didn't know how to formulate the question better.

SlCKB0Y
Jan 19, 2013, 09:57 PM
No app can protect against a zero day exploit or malware, because they don't know what to look for.


Other than implementing this:
http://en.wikipedia.org/wiki/Heuristic_analysis

GGJstudios
Jan 20, 2013, 12:09 AM
Other than implementing this:
http://en.wikipedia.org/wiki/Heuristic_analysis
As stated in that article:
The effectiveness is fairly low regarding accuracy and the number of false positives. Since heuristic analysis operates on the basis of past experience (by comparing the suspicious file to the code and functions of known viruses), it is likely to miss new viruses that contain previously unknown methods of operation not found in any known viruses.
The amount of OS X malware in the wild is extremely low, providing very little historical data. As for a virus threat, since there has never been a Mac OS X virus in the wild, there is no historical data on which to base heuristic analysis.