Severe Security Weakness in Java Exploited by Hackers Forcing Users to Disable Java
Weakness of Java Exploited by Hackers: Web users potentially having to disable the Java application to avoid malware
Security analysts have reported that several hackers have discovered a weakness in the Java application and are using the flaw to download malware that infects computers.
The two most common exploit toolkits currently being used by cybercriminals to spread the Web malware are the Cool Exploit Toolkit and the Blackhole Exploit Toolkit. The Blackhole toolkit is the more prevalent of the two, infecting over 100,000 computers each day. The technique below is an example of what is being used to obscure the exploits:
Once the encrypted code is inadvertently downloaded, it redirects users to a malicious file that infects their computers. Most of the sites that help infect computers with the malware are typically unsecured and/or have been previously compromised.
In October of 2012, the Cool Exploit Kit, also known as Cool EK, started to appear. This malware has recently been reported as being capable of locking one's computer and demanding a ransom payment before the hacker unlocks the computer; once the ransom is received, the cybercriminal allows the user to resume normal functions.
F-Secure conducted an analysis of Java's runtime and found similarities between the vulnerabilities, indicating that the exploits were more than likely created by the same hacker and/or team of hackers.
Brian Krebs, an investigative journalist, was told by Paunch, the co-author of Blackhole, that these exploits are costing approximately $10,000.00 per month, with the cost increasing.
Kafeine, a French security researcher, further researched the Cool Exploit Toolkit and discovered that hackers were using a weakness in Microsoft Windows. Duqu, the notorious worm, exploited the defect in the Windows font processing code within the system.
Kafeine has also assisted the security firm AlienVault Labs in emulating the exploit on a fully patched installation of Java, using a malevolent Java attribute to remotely launch the Calculator on Windows XP.
What precautions can you take to avoid becoming infected?
The Next Web advised users, “We recommend that regardless of what browser and operating system you’re using, you should uninstall Java if you don’t need it. If you do need it, use a separate browser when Java is required, and make sure to disable Java in your default browser.”
Computerworld reported that Oracle faced the same situation in August of 2012. Oracle broke from its normal quarterly release cycle and launched and completed an urgent update. Although Oracle has not yet confirmed its patching plans, its next release is scheduled for February 19th.