Oh Great, Yet Another Java Zero-Day Exploit

Here we go again. We're not even halfway through the first month of the New Year, and already we're being warned to disable Java. Not as a general practice, mind you (though that's not a bad idea), but because of yet another zero-day exploit spotted in the wild.

"There appears to be multiple ad networks redirecting to Blackhole sites, amplifying the mass exploitation problem. We have seen ads from legitimate sites, especially in the UK, Brazil, and Russia, redirecting to domains hosting the current Blackhole implementation delivering the Java zero-day. These sites include weather sites, news sites, and of course, adult sites," security firm Kaspersky warned in a blog post.

A heat map of the widespread distribution of the Java exploit. Source: Kaspersky

After doing a bit of digging, Kaspersky discovered that the new zero-day exploit is not only coming bundled in the more prevalent exploit kits (yes, such things exist) like Blackhole, Nuclear, and Red Kit, but is also in the hands of Metasploit developers.

"Perhaps it is interesting that the first known victim system executing the exploit retrieved the malcode with a Firefox browser, demonstrating the robustness of Java exploits," Kaspersky added. "Also, in December 2012, the zero-day was used to distribute TDSS and ZeroAccess malware."

Oracle hasn't yet addressed the exploit with a security update, so it's up to you to take proper precautions, which include disabling Java browser plug-ins and desktop Java apps.