Home / News / Technology / Security

Java zero-day 'massively exploited'

By Juha Saarinen on Jan 11, 2013 7:32 AM
Filed under Security

Remove Java from browser.

A new security hole in Oracle's Java software is making the rounds on the web and being added to commercial crimeware kits, security analysts warn.

IT security blogger and analyst Brian Krebs said the maintainer of the Blackhole browser attack kit, "Paunch", yesterday announced on Underweb forums that the zero-day Java exploit had been added to his crimeware product.

The vendor of the competing crimeware Nuclear Pack shortly afterwards announced that the exploit had been added to that product as well, according to Krebs.

According to Kafeine, who is behind the Malware don't need Coffee blog and who first reported the flaw, the zero-day exploit is out in the wild and being used "massively" currently.

Furthermore, the zero-day exploit has been added to the Cool and Redkit crimeware products too, according to Kafeine.

Kurt Baumgartner of Kaspersky Labs' SecureList blog said multiple advertising networks are currently redirecting to Blackhole sites, "amplifying the mass exploitation problem".

"We have seen ads from legitimate sites, especially in the UK, Brazil and Russia, redirecting to domains hosting the current Blackhole implementation delivering the Java 0day," Baumgartner wrote.

The security flaw exists in all versions of Java 7 including the latest Update 10, Krebs noted.

It allows attackers to run arbitrary code on systems with Java browser plug-ins installed and active, leading to systems being compromised unnoticed.

He advised users who have Java installed to unplug the software from browsers, or if it's not needed, remove it completely.

CERT has issued a vulnerability note for the flaw and said it is not currently aware of a practical solution to the problem.

Copyright © iTnews.com.au . All rights reserved.

Java zero-day 'massively exploited'

Tags

java, security, crimeware

Related Articles

Further security flaws found in Java Runtime Environment

Another Java 0-day flaw for sale

Yet more Java holes discovered

Scammers attack payroll outsourcer

Breaking Stories

Alacer Gold turns ERP refit project to Australia

NSW Govt bids for self-service analytics

NSW Police take aim at 3D-printable guns

Google faces new federal antitrust probe

US ISP to rip out Huawei equipment

Send us your tips

Readers of this article also read...

Top Stories

ATO commits to complexity

Greater demand, fewer apps.

Photos: AusCERT 2013 day two

The second day of the Queensland security conference.

Opinion: IBM's Watson is a marketing success.

IT Whitepapers

Top Categories

more technology whitepapers »

Latest Technology Jobs

more technology jobs »

Sign up to receive iTnews email bulletins

FOLLOW US...

Latest VideosSee all videos »

Bankwest builds continuous delivery capability

Bankwest builds continuous delivery capability

To automatically deploy test/dev sandboxes by mid-year.

Veterans' Affairs sets sights on modernisation

Veterans' Affairs sets sights on modernisation

Data safe with Human Services, CIO says.

Citi Australia drops platform customisations

Citi Australia drops platform customisations

Technology chief shifts focus from building to leveraging systems.

VicRoads restructures IT team

VicRoads restructures IT team

Department moves to align with industry benchmarks.

Zurich Australia extends IT team offshore

Zurich Australia extends IT team offshore

Malaysian staff served from Australian data centres.

Leigh Berrell - Utilities CIO of the Year

Leigh Berrell - Utilities CIO of the Year

Yarra Valley Water CIO Leigh Berrell accepts his Benchmark Award for Utilities CIO of the Year.

Wayne McMahon - Retail CIO of the Year

Wayne McMahon - Retail CIO of the Year

Domino's Pizza CIO Wayne McMahon accepts his Benchmark Award for Retail CIO of the Year.

Inside Perpetual's ongoing IT transformation

Inside Perpetual's ongoing IT transformation

CIO Jenny Levy discusses how outsourcing will help the firm "simplify, refocus and grow".

Managing Complexity - Defence's Daniel McCabe

Managing Complexity - Defence's Daniel McCabe

Daniel McCabe, Assistant Secretary of Australia's Department of Defence, provides the audience at the iTnews Data Centre Strategy Summit with a deep dive into the organisation's data centre consolidation program.

How Facebook designed the data centre from scratch - Marco Magarelli

How Facebook designed the data centre from scratch - Marco Magarelli

The full keynote by Facebook data centre architect Marco Magarelli at the Australian Data Centre Strategy Summit. Magarelli details the design considerations behind the social network's Prineville, Oregon; North Carolina and Luleå, Sweden data centres.

Modernising Legacy Data Centres - Telstra's Jon Curry

Modernising Legacy Data Centres - Telstra's Jon Curry

Telstra general manager of managed data centres Jon Curry guides the audience at the iTnews Australian Data Centre Summit through the build of the telco's Clayton, Victoria data centre.

NSW Government launches NABERS data centre rating tools

NSW Government launches NABERS data centre rating tools

Matthew Clark from the NSW Department of Environment guides facilties managers through the details of the new NABERS data centre energy rating tool at the Australian Data Centre Strategy Summit.

NABERS launch panel: Australian Data Centre Strategy Summit

NABERS launch panel: Australian Data Centre Strategy Summit

Matthew Clark (NSW Dept of Environment), Greg Boorer (Canberra Data Centres), Glenn Allan (National Australia Bank), Mike Andrea (Strategic Directions) and Bob Sharon (Green Global Consulting) discuss the impact of the NABERS data centre rating.

Judges notes: Fortescue Metals [The Benchmark Awards]

Judges notes: Fortescue Metals [The Benchmark Awards]

iTnews' panel of judges discuss Fortescue Metals 'New World of Work" project, one of three shortlisted finalists for the Industrials category of the CIO Benchmark Awards.

Judges notes: Retail [The Benchmark Awards]

Judges notes: Retail [The Benchmark Awards]

iTnews' panel of judges discuss the shortlisted finalists for the Retail category of the CIO Benchmark Awards.

Judges notes: Pacific Aluminium [The Benchmark Awards]

Judges notes: Pacific Aluminium [The Benchmark Awards]

iTnews' panel of judges discuss Pacific Aluminium's lightning fast service desk refresh, one of three shortlisted finalists for the Industrials category of the CIO Benchmark Awards.

Judges notes: Domino's Pizza [The Benchmark Awards]

Judges notes: Domino's Pizza [The Benchmark Awards]

iTnews' panel of judges discuss Domino's Pizza's shift to hosted services, one of three shortlisted finalists for the Retail category of the CIO Benchmark Awards.

Judges notes: McDonald's Australia [The Benchmark Awards]

Judges notes: McDonald's Australia [The Benchmark Awards]

iTnews' panel of judges discuss McDonald's Australia's new self-service portal for employees, one of three shortlisted finalists for the Retail category of the CIO Benchmark Awards.

Judges notes: ING Direct [The Benchmark Awards]

Judges notes: ING Direct [The Benchmark Awards]

iTnews' panel of judges discuss ING Direct's 'Bank in a Box', one of three shortlisted finalists for the banking and finance category of the CIO Benchmark Awards.

Judges notes: Yarra Valley Water [The Benchmark Awards]

Judges notes: Yarra Valley Water [The Benchmark Awards]

iTnews' panel of judges discuss Yarra Valley Water's insourcing project, one of three shortlisted finalists for the Utilities category of the CIO Benchmark Awards.

Latest Comments

Powered by Disqus

Polls

Do you prefer the Coalition's NBN policy?

Yes
No

| View results

Yes

19%

No

81%

TOTAL VOTES: 1734

Vote

view previous polls »