Critical Java Exploit Spreads like Wildfire

Oops, they have been hit with the first zero-day vulnerability. Yes, we are talking about a new Java 0-day vulnerability that has been discovered and is already being exploited in the wild over the internet. Right now the only way to protect your machine against this exploit is to disable the Java browser plugin. Let’s see how long it takes Oracle to release a patch.

In 2012, Java was hit by two super-critical bugs that were rapidly included in the Blackhole exploit pack, one of the most popular attack toolkits to date. Following the first series of attacks in August against machines running Java 1.7, Java maker Oracle issued a fix that only made things worse. The patch made way for a similar exploit that now affects Java 5, 6, and 7 alike.

A French researcher who goes by the name Kafeine has come across a new Java zero-day. In a post on his Malware Don’t Need Coffee website, the researcher claimed that the latest version, Java 7 Update 10, was being exploited on a site that receives “hundreds of thousands of hits daily” and concluded that “this could be mayhem.” According to Kafeine, the two most popular Web threat tools used by hackers to distribute malware, the BlackHole Exploit Kit and the Cool Exploit Kit, already have this latest Java exploit.

The US Computer Emergency Readiness Team (US-CERT), which falls under the National Cyber Security Division of the Department of Homeland Security, has issued the following vulnerability note:

Overview – Java 7 Update 10 and earlier contain an unspecified vulnerability that can allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system.
Description – Java 7 Update 10 and earlier contain an unspecified remote-code-execution vulnerability. This vulnerability is being attacked in the wild, and is reported to be incorporated into exploit kits.
Impact – By convincing a user to visit a specially crafted HTML document, a remote attacker may be able to execute arbitrary code on a vulnerable system.


According to researchers at AlienVault Labs, the exploits work against fully patched installations of Java. Attack files are highly obfuscated and are most likely succeeding by bypassing security checks built into the program. KrebsOnSecurity said the malware authors say the exploits work against all versions of Java 7. According to The Next Web, BitDefender confirmed the alleged addition of the exploit into Cool, while security expert Brian Krebs confirmed the BlackHole part and noted its addition into Nuclear Pack:

The curator of Blackhole, a miscreant who uses the nickname “Paunch,” announced yesterday on several Underweb forums that the Java zero-day was a “New Year’s Gift,” to customers who use his exploit kit. Paunch bragged that his was the first to include the powerful offensive weapon, but shortly afterwards the same announcement was made by the maker and seller of Nuclear Pack.

We will keep you updated as we obtain more information.

Be safe!
