- Java has been hacked, and gives out a dangerous virus (Apparently called the Ransom Virus) that will lock down your computer. The US department of Homeland Security says it's so critical that for the safety of your computer it's highly encouraged to deactivate Java all together until this is solved. Considering how much members use the oekaki on this site, I thought I should warn those who are unaware.
According to my knowledge this hacker has been in java for eight years now. (Any older versions will be just as dangerous to have on your computer)
Be aware that this virus will affect all programs that run on java! Please be careful.
From Nick: Java has had a security hole in it for a long time. This hole allows someone who owns a webpage to put a Java applet on their page which can infect your computer with a virus. Java itself does not have a virus in it. The problem is that if you happened to browse to some dodgy website that had been infected with a virus, that website could use your vulnerable version of Java to install a virus on your computer.
This security hole is fixed in Java 7 Update 11. If you update to that version from http://java.com/en/ , you are immune to any infected websites that are serving Java applets and you can't get a virus through this hole.
If you're not sure which version of Java you have check on this page to make sure: http://java.com/en/download/installed.jsp
Chomp wrote:By the way; at least for Firefox users, to disable Java you go to "Tools", then click "Add-ons", then go to Plugins and you'll fine Java there - click disable once you get there. So far, two people in my house have gotten ransom-ware virus' recently, and then I ended up finding this today after Java gave me a warning, and apparently yes, the vulnerabilities in java have been exploited and people are getting ransomware virus' from it.
Ransomware is basically a high profit virus that tells you that your computer has been locked down by the department of justice for a bogus reason, and that you have to pay an incredible amount to unlock it. So far the only way we know how to take care of it is by reinstalling windows :/. I don't know if the leak in java has been the cause of the two ransomware virus' on my brothers and mothers computer recently, but I'm pretty sure there's a connection. It's best to be safe than sorry, right? I personally just deleted Java off my computer entirely and I'm going to keep it that way until Oracle comes out with a patch for the leak. Also it's probably best to run a malware/virus scan!
My information may not be correct since I'm not a professional with this kind of thing but yeah, just thought I'd put what I know out there.
Chomp wrote:Well, the latest Java update is infected too apparently. There was a patch released in October of last year but it didn't cover much and they have yet to release the new patched up version. Just because ransomware has been around for years doesn't mean the risks haven't increased recently D:. But yeah, ransomware can get you other places as well. It's just that the risk seems especially high right now.
Anyway, here are a few of my sources (all of them posted in the last couple of days): here, here, here, and here.
So yeah. I'm not trying to cause anybody to panic or anything (nor is Bonus), and it's not like anybody has to do anything, but it's better to warn people than to leave them in the dark.
Chomp wrote:Well, it's not like there's a guarantee you WILL get it. All of these are just precautionary steps. Personally I think it's better safe than sorry - drawing something isn't quiet as important to me as the information on my computer so that's why I've disabled java and took heed. But if you're willing to take the chance, then that's obviously your call.
Anyway, I think there was a little mix up - this vulnerability in java has been around for eight years but it's really only since roughly August of last year that it's been exploited I believe. Since then they released a patch, in October of last year, but it was incomplete. According to Oracle's website, there's going to be a security patch for Oracle products on the 15, but I don't know if that will cover the problems in Java fully. Java specifically gets a patch on the 19th of February. And yes, you can get more than just ransomware from it. Here's an idea of how big the threat is; so big, that Apple has simply disabled the use of Java on some of their products and won't allow people to use it again until there's a fix.
There's been more coverage on this since yesterday, if anybody is still a little unsure. Just so you know that it's not just Bonus and I worrying about it! This was posted yesterday, along with this, this, and this which have all been posted in the last couple of days. So it's not a small isolated problem at all.
Chomp wrote:Okay so it's a little overwhelming but since people are still posting I guess I'll try to answer some things...
Q: Can I get the virus if I live in the UK/Canada/Sweden/Timbuktu, if we're on Facebook/CS/Neopets/Mars?
A: Anybody in the world who uses the Java program is at risk, with the exceptions of some Apple product users and Linux users. It can get you anywhere that uses Java. If you don't know what uses Java, do a quick Google search to find out, but you can pretty much safely assume that it is in one way or another incorporated into most any website.
Q: Hasn't there already been a patch released for this issue?
A: Yes, there has - you can get this by downloading the most recent version of Java on this page. However, sources have said that just because the patch has been released, doesn't mean it's perfectly safe now. You can read more information on it here.
Q: I can't disable Java because the computer I'm using isn't my own. What do I do?
A: I would highly suggest downloading AdBlock Plus if you use Mozilla Firefox or Google Chrome (and I guess it works in Opera as well). You can find the download here. Besides that, stick to websites that you trust and just don't click on ads.
Q: I deleted Java and now I can't get it back. What's going on?
A: I can't properly answer this. I've only had this problem once before and to fix it, I just deleted every version of Java on my computer, restarted my computer and then installed the newest version. This may or may not be your fix, so I would suggest doing research. Most people here who answer questions aren't Java or computer experts - more likely than not, many of them are using Google search to figure out solutions to the problems mentioned here, which is something that you're very capable of as well! So please do a Google search before asking questions and remember that we're not experts. Just normal people trying to warn others about potential threats.
Q: It's not that big of a threat - I've used it fine for so long and I haven't had any problems. Why are you so worried?
A: I personally give credit where credit is due. If you take the time to read over some of the sources I've supplied in previous posts (which are all located on the front post), you may begin to grasp why everyone is so worried. The U.S. Department of Homeland Security is still holding fast to their previous warnings about the usage of Java, which is fairly significant in my personal opinion. A quick search of "Java ransomware 2013", "Java exploit 2013", something along those lines, you will find a slew of blog posts about the matter. I would highly suggest doing good research on the matter before you judge how much of a threat it is and potentially mislead people into letting their guard down. Not everyone infected with the virus is a computer expert who will be able to fix it, and not everyone can afford to take it to a computer specialist to have it fix; it's better safe than sorry.
