New Java Exploit Debuts

Monday, July 9, 2012 @ 01:07 PM gHale


Malicious computer code that leverages a newly-patched security flaw in Oracle’s Java software is ready for cybercriminal operations powered by the BlackHole exploit pack.

The addition of a new weapon to this malware will hike the level of compromised PCs, as more than 3 billion devices run Java and quite a few of these are months out of date, according to a report published on KrebsOnSecurity.

RELATED STORIES
Blackhole Exploit Upgraded
Phishing Emails Getting Real
ICS-CERT: Attacks on Rise
Cyber Secure Device Certification

The new exploit first came to light when a security researcher at a financial firm was tracing the source of an infected computer in his network. The researcher discovered the culprit appeared to be a malicious “.jar” file. A scan of the jar file at Virustotal.com showed just one antivirus product (Avira) was able to detect it as “Java/Dldr.Lamar.BD.” The description of that threat said it targets a Java vulnerability tagged as CVE-2012-1723, a critical bug fixed in Java 6 Update 33 and Java 7 Update 5.

The attack may relate to an exploit published for CVE-2012-1723 in mid-June by Michael ‘mihi’ Schierl. But according to the current vendor of the BlackHole exploit pack, the exact exploit for this vulnerability has been for private use to date. The BlackHole author said the new Java attack will roll into a software update and become available effective now to all paying and licensed users of BlackHole, according to the report.

Regardless of which operating system you use, if you have Java installed, you should update it, or remove it as soon as possible. Java requires constant patching, and it appears to be the favorite target of attackers these days.

Windows users can find out if they have Java installed and which version by visiting www.java.com and clicking the “Do I have Java? link. Mac users can use the Software Update feature to check for any available Java updates.

If you primarily use Java because some Web site, or program you have on your system — such as OpenOffice or Freemind — requires it, you can still dramatically reduce the risk from Java attacks just by disabling the plugin in your Web browser. In this case, a user might want to go to a two-browser approach. If you normally browse the Web with Firefox, for example, consider disabling the Java plugin in Firefox (from the Add-ons menu, click Plugins and then disable anything Java related, and restart the browser), and then using an alternative browser (Chrome, IE9, Safari, etc.) with Java enabled to browse only the site that requires it.

Apple stopped bundling Java by default in OS X 10.7 (Lion), it offers instructions for downloading and installing the software framework when users access webpages that use it. The latest iteration of Java for OS X configures the Java browser plugin and Java Web Start to deactivate if they remain unused for 35 days.



Leave a Reply

You must be logged in to post a comment.