Monthly Archives: August 2012

Oracle Java New Vulnerability Being Exploited in the Wild

The Oracle Java Runtime Environment (JRE) 1.7 allows users to run Java applications in a browser or as standalone programs.

Oracle Java Runtime Environment (JRE) 1.7 contains a vulnerability that may enable a remote attacker to execute arbitrary code on a vulnerable system. This is done by convincing a user to visit a specially crafted HTML document (many websites use HTML as the language to display web pages).

This vulnerability is being actively exploited in the wild, and exploit code is publicly available. One of the most popular hacker tools in use, Blackhole, has added this vulnerability to its toolkit. Blackhole bundles numerous exploits and tries each in turn until it finds one that will work against a personal computer.

Oracle’s next scheduled update to patch this vulnerability is in October, so for the time being there is no update that can be installed to handle the situation.

What to do

Disable the Java plug-in:

Disabling the Java browser plug-in may prevent a malicious webpage from exploiting this vulnerability. The method for disabling the Java plug-in depends on the web browser you use:

Microsoft Internet Explorer: Due to the complexity and impracticality of disabling Java in Internet Explorer, you may wish to uninstall Java to protect against this vulnerability, until a patched update is published.

Mozilla Firefox: How to turn off Java applets

Apple Safari: How to disable the Java web plug-in in Safari

Google Chrome: See the “Disable specific plug-ins” section of the Chrome documentation for how to disable Java in Chrome.

I’ll be glad to answer any questions you might have on the subject.

Multiple Malware Campaigns Impersonating Multiple U.S. Government Agencies

The United States Computer Emergency Readiness Team (US-CERT) has warned of multiple malware campaigns impersonating multiple U.S. government agencies, including the United States Cyber Command (USCYBERCOM) and the Federal Bureau of Investigation (FBI).

Once installed on a system, the malware displays a screen claiming that a Federal Government agency has identified the user’s computer as being associated with one or more crimes. The user is told to pay a fine to regain the use of the computer, usually through prepaid money card services.

Affected users should not follow the payment instructions. Instead, the computer should be scanned for malware with an appropriate antivirus program, and measures should then be taken to prevent the infection from recurring.