Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Critical Java zero-day bug is being “massively exploited in the wild”


  • Please log in to reply
3 replies to this topic

#1 Union_Thug

Union_Thug

    Bleeps with the fishes...


  • Members
  • 2,355 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:is everything
  • Local time:07:05 AM

Posted 11 January 2013 - 11:23 AM

Attack code that exploits vulnerability in Java's browser plugin has been added to the Blackhole, Cool, Nuclear Pack, and Redkit exploit kits, according to the Malware Don't Need Coffee blog, prompting its author to say that the bug is being "massively exploited in the wild." Miscreants use these products to turn compromised websites into platforms for silently installing keyloggers and other types of malicious software on the computers of unsuspecting visitors. KrebsOnSecurity reporter Brian Krebs said the curators of both Blackhole and Nuclear Pack have taken to the underweb to boast of the addition to their wares. It's not yet clear how many websites have been outfitted with the exploits.

snip

"There appears to be multiple ad networks redirecting to Blackhole sites, amplifying the mass exploitation problem," Kaspersky Lab expert Kurt Baumgartner wrote. "We have seen ads from legitimate sites, especially in the UK, Brazil, and Russia, redirecting to domains hosting the current Blackhole implementation delivering the Java 0day. These sites include weather sites, news sites, and of course, adult sites."


http://arstechnica.com/security/2013/01/critical-java-zero-day-bug-is-being-massively-exploited-in-the-wild/

Uninstalling Java in 5...4...3... :whistle:

BC AdBot (Login to Remove)

 


#2 jburd1800

jburd1800

  • Members
  • 565 posts
  • OFFLINE
  •  
  • Local time:07:05 AM

Posted 11 January 2013 - 01:14 PM

Union_Thug

Based on my trust of this site, and the good people here, I deleted Java. Having read all the downside to Java, is there an alternative that I need? Thanks

“May the sun bring you new energy by day, may the moon softly restore you by night, may the rain wash away your worries, may the breeze blow new strength into your being, may you walk gently thorugh the world and know it's beauty all the days of your life.”


#3 Union_Thug

Union_Thug

    Bleeps with the fishes...

  • Topic Starter

  • Members
  • 2,355 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:is everything
  • Local time:07:05 AM

Posted 11 January 2013 - 02:26 PM

Actually, I only disabled the browser plug-ins... so far only 2 of my regularly visited sites need Java applets enabled, unfortunately 1 was my bank. :blink: As I understand it, Java security issues usually occur when Java is running in a sandboxed environment, in particular as a browser plugin. Dunno of any alternatives to JRE offhand & I assume if there were such an animal out there it would be pretty widely known in theses type communities, much like the alternatives to Adobe Reader.

Edit to add: Java 7 Update 10 ships with a feature that makes it far simpler to unplug Java from the browser than in previous versions. Oracle’s instructions for using that feature are here


Edited by Union_Thug, 11 January 2013 - 03:53 PM.


#4 jburd1800

jburd1800

  • Members
  • 565 posts
  • OFFLINE
  •  
  • Local time:07:05 AM

Posted 11 January 2013 - 05:48 PM

Thanks...have no idea which of my sites require it. I'll just see what happens...

“May the sun bring you new energy by day, may the moon softly restore you by night, may the rain wash away your worries, may the breeze blow new strength into your being, may you walk gently thorugh the world and know it's beauty all the days of your life.”





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users