Security vendors warn users to disable Java after zero day exploit is found

Flaw is being used by toolkits to distribute ransomware

http://www.theinquirer.net/inquirer/news...xploit-is-found

By Lee Bell
Fri Jan 11 2013


A JAVA ZERO DAY EXPLOIT has been found in the wild and security vendors are advising users to disable Java support in their computers in order to stay safe.

Millions of computer users, whether they favour the Windows, Mac or Linux operating systems, are at risk from a recently discovered zero day vulnerability for which there is as yet no fix.

According to Trend Micro, the flaw is being used by toolkits like the Blackhole Exploit Kit (BHEK) and the Cool Exploit Kit (CEK) to distribute ransomware, particularly Reveton variants.

"Currently, we detect the exploits as JAVA_EXPLOIT.RG, with the sites that load this exploit code detected as HTML_EXPLOIT.RG. The Reveton payloads are detected as TROJ_REVETON.RG and TROJ_REVETON.RJ," Trend Micro said in a post on its blog.

Reveton is one of the most common ransomware threats in existence and works by locking users' systems and showing spoofed notifications from local police agencies. These tend to inform users that to unlock their system, they must pay a 'fine' ranging from £100 to £300.

To prevent this exploit, Trend Micro recommends that users consider whether they really need Java in their systems.

"If it is needed, users must use the security feature to disable Java content via the Java Control Panel, that shipped in the latest version of Java 7," Trend's blog post said.

"If Java content is not needed, users may opt to uninstall Java as it can pose certain security risk."

Writing in a blog post, AlienVault's head of Labs Jaime Blasco also recommended disabling Java software.

"Right now the only way to protect your machine against this exploit is disabling the Java browser plugin," he said. "Let's see how long does it take for Oracle to release a patch."

We contacted Oracle for comment on the flaw. It said it has received a number of requests for a statement around the issue but is keeping schtum for now. If it does have something to add, it will issue a statement next week, Oracle said.

Trend Micro said that this year we will see more developments from the toolkits seen using the Java flaw, and in particular that versions that are stealthier or more difficult to detect will emerge.

"Perhaps, this use of [a] zero-day exploit is a taste of trends to follow with regards to cyber criminal toolkits," the firm added. µ