Attackers are now exploiting a Java zero-day vulnerability
The exploit for an unpatched Java vulnerability was added in popular attack toolkits, security researchers say
IDG News Service - An exploit for a previously unknown and currently unpatched vulnerability in Java is being used by cybercriminals to infect computers with malware, according to security researchers.
An independent malware researcher who uses the online moniker Kafeine reported the existence of the exploit "in the wild" -- being actively used in attacks -- on his blog on Thursday.
Attackers are using such exploits to silently install malware on the computers of users who visit compromised websites, in what are known as drive-by download attacks.
The researcher is sharing samples of the exploit with security companies only. "This could be mayhem," he said. "I think it's better to make some noise about it."
"We can confirm that this is a new vulnerability," said Bogdan Botezatu, a senior e-threat analyst at antivirus vendor Bitdefender, via email. "We reproduced the exploitation mechanism on Java 1.7 Update 9 and Update 10. Other versions may be vulnerable as well, we're currently analyzing whether other older updates are vulnerable."
As far as Bitdefender's tests showed, the exploit is specific to Java 7, Botezatu said.
Researchers from security firm AlienVault also confirmed that the exploit works against a fully patched installation of Java 7. The exploit uses similar tricks to bypass Java security restrictions as a different Java exploit that was used by cybercriminals in August 2011, Jaime Blasco, manager of the AlienVault Labs, said Thursday in a blog post.
The exploit has already been added to the popular Blackhole exploit toolkit used by cybercriminals, as well as to Cool Exploit Kit, a more exclusive spin-off of Blackhole, Botezatu said. "Other reports mention that it has also made it in Redkit [a different exploit toolkit], but we can't confirm the information at the moment."
"I've seen samples from Cool EK [exploit kit] and Blackhole EK but it seems it has been also included into Nuclear Pack and Redkit," Jaime Blasco, manager of the AlienVault Labs, said via email. Blasco believes that an exploit will also be added to the popular open source Metasploit penetration testing tool soon, as happens with most zero-day exploits -- exploits for unpatched vulnerabilities.
Using packet captures for the traffic associated with the new Java exploit, Bitdefender researchers were able to trace back some attacks to Jan. 7. However, the company's researchers believe that the attacks probably started on Jan. 2 or 3, Botezatu said.
"The 0-day attack code that was spotted in the wild today is yet another instance of Java security vulnerabilities that stem from insecure implementation of the Java Reflection API," said Adam Gowdiak, the founder of Security Explorations, a Polish security company that specializes in Java vulnerability research.
- Enable secure remote access to 3D data without sacrificing visual perfomance Design and manufacturing companies must adapt quickly to the demands of an increasingly global and competitive economy. To speed time to market for...
- Virtually Delivered High Performance 3D Graphics "A picture is worth a thousand words." That old phrase is as true today as it ever was. Pictures (i.e., those with heavy...
- Best Practices for Securing Hadoop Historically, Apache Hadoop has provided limited security capabilities. To protect sensitive data being stored and analyzed in Hadoop, security architects should use a...
- Top Tips for Securing Big Data Environments: Why Big Data Doesn't Have to Mean Big Security Challenges Organizations must come to terms with the security challenges they introduce. As big data environments ingest more data, organizations will face significant risks...
- What should I look for in a Next Generation Firewall? SANS Provides Guidance With so many vendors claiming to have a Next Generation Firewall (NGFW), it can be difficult to tell what makes each one different....
- Responding to New SSL Cybersecurity Threat The featured Gartner research examines current strategies to address new SSL cybersecurity threats and vulnerabilities. All Security White Papers | Webcasts
Our new bimonthly Internet of Things newsletter helps you keep pace with the rapidly evolving technologies, trends and developments related to the IoT. Subscribe now and stay up to date!