New Java Vulnerability Being "Massively Exploited" in the Wild

Status
Not open for further replies.

Ink

Administrator
Thread author
Verified
Staff Member
Well-known
Jan 8, 2011
22,361
09gq0.png

Another Java zero-day security flaw is actively being targeted in the wild, and exploits are already in use across some of the most popular crimeware toolkits.

If you haven't disabled Java yet, there is no better time than now.

Source : Direct Link
 

Exterminator

Community Manager
Verified
Staff Member
Well-known
Oct 23, 2012
12,527
Thanks for this,time to disable for sure.I know have it disabled
 

Ramblin

Level 3
May 14, 2011
1,014
Getting rid of Java completely about four years ago was one of the first steps that I took in order to be safe using a computer-

I think getting rid of it is the way to go if its not require for work or by a program that the user have to use. For a game or a site, in my opinion, is not worth having.

Bo
 

Ramblin

Level 3
May 14, 2011
1,014
rebel4life said:
so what do people use instead of java i've been looking at DART or PYTHON
Rebel, your question above tells me that you don't need Java. You can uninstall it and your system wont break down.;) It is likely that you dont need it at all. If there is a program or site that requires it, it will tell you about it and then you can decide if its worth it or not for you to reinstall it.

By getting rid of it, you ll automatically will become a lot safer since Java exploits will not affect your system. Game is over for Java before it starts. Isn't that nice. Java infections will not be allowed to play games with your computers.:cool:

Bo
 

savit

Level 1
Apr 9, 2011
120
CVE-2013-0422 Java Applet JMX RCE Metasploit Demo :s:mad::idea: (Java OFF)
 
Last edited by a moderator:
I

illumination

I got rid of Java a long time ago, have not missed it in any way/shape or form. I also am a avid user of Noscript/ScriptSafe :D
 
D

Deleted member 178

illumination said:
I got rid of Java a long time ago, have not missed it in any way/shape or form. I also am a avid user of Noscript/ScriptSafe :D

Same for me , i remove it ages ago.
 

Jack

Administrator
Verified
Staff Member
Well-known
Jan 24, 2011
9,377
Another day, another Java 0-day exploit in the wild

Info Security said:
Another active 0-day exploit has been discovered in use by all of the main exploit kits: Blackhole, Cool, Nuclear Pack, RedKit and Sakura. Users are urged, wherever possible, to disable Java.

French researcher Kaffeine, who has been closely monitoring the Cool Exploit Kit, found a new Java exploit. “Hundreds of thousands of hits daily where i found it,” he noted. “This could be a mayhem.” At first he wasn’t sure whether to go public in case it caused more problems – but then he saw that Brian Krebs was also on its trail.

Krebs found it not in the wild but on the underground chat forums. “The curator of Blackhole,” wrote Krebs, “a miscreant who uses the nickname ‘Paunch,’ announced yesterday on several Underweb forums that the Java zero-day was a ‘New Year’s Gift,’ to customers who use his exploit kit.” And from there it spread. Kaffeine decided to go public, and published details.

AlienVault picked it up from Kaffeine. “With the files we were able to obtain we reproduced the exploit in a fully patched new installation of Java. As you can see below we tricked the malicious Java applet to execute the calc.exe in our lab.” This exploit works on all versions of Java across all platforms, and is in use by a growing number of exploit kits (Metasploit has already added a module targeting the vulnerability). It is, in short, a serious and immediate threat.

“We have seen ads from legitimate sites,” writes Kaspersky Labs’ Kurt Baumgartner, “especially in the UK, Brazil, and Russia, redirecting to domains hosting the current Blackhole implementation delivering the Java 0day. These sites include weather sites, news sites, and of course, adult sites.” Symantec claims to have been ‘proactively’ catching the exploit since January 9, but Kaspersky claims it has samples from mid-December.

Read more: http://www.infosecurity-magazine.com/view/30165/another-day-another-java-0day-exploit-in-the-wild/
 

Payback

New Member
Verified
Jan 7, 2013
325
RE: Another day, another Java 0-day exploit in the wild

Interesting,thank you for the magazine Admini
 
N

Nige_40

I only moved it 5 days ago. And so far I have not missed it. But you get that odd site out there that cry's out. No Java!! Installed. I just ignore it and look at what I need to look at and close the page.

And for the Record they are clean sites not A* :)
 

Ink

Administrator
Thread author
Verified
Staff Member
Well-known
Jan 8, 2011
22,361
'Verify Java Version' displayed successful at 1:50. It must still be enabled, so JAVA is clearly installed and active on that PC.

savit said:
CVE-2013-0422 Java Applet JMX RCE Metasploit Demo :s:mad::idea: (Java OFF)
 
Status
Not open for further replies.

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

User Menu

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top