Posts Tagged ‘permanently anchor’
Thursday, March 29, 2012 @ 02:03 PM gHale
The bad guys keep exploiting a critical hole in the Java Runtime Environment (JRE) to infect computers with malicious code when users visit a specially crafted web page.
The reason for this increased activity is the arsenal of the BlackHole exploit kit extended to include a suitable exploit, said security blogger Brian Krebs.
The hole patched by Oracle in mid-February allows malicious code to breach the Java sandbox and permanently anchor itself in a system. Varying types of malware have done just that. Some experts said the Zeus Trojan exploited the hole.
The dropper distributes across two Java classes, according to Microsoft analysis. The first class exploits the vulnerability to elevate its privileges when processing arrays, and then executes a loader class that will download and install the payload.
Users can protect themselves by installing or updating to one of the current Java releases: Java SE 6 Update 31 or version 7 Update 3. To see which version of the browser plug-in you have installed, if any, visit the Verify Java Version test page.
However, not even those who use the most current version of Java can feel entirely safe as Krebs said rumors of a new exploit that uses a zero day critical Java hole are circulating on underground forums. To be on the safe side, users can completely uninstall Java or at least disable the browser plug-in. As the use of Java continues to be on the decline, this will likely have little or no effect on most web sites.
The most recent Java updates for Mac OS X 10.7 Snow Leopard and 10.7 Lion are from November 2011. As the basis of these updates is from Java SE 6 Update 29, Mac users may not be safe against the critical hole exploited by criminals.