Attackers are now exploiting a Java zero-day vulnerability
The exploit for an unpatched Java vulnerability was added in popular attack toolkits, security researchers say
IDG News Service - An exploit for a previously unknown and currently unpatched vulnerability in Java is being used by cybercriminals to infect computers with malware, according to security researchers.
An independent malware researcher who uses the online moniker Kafeine reported the existence of the exploit "in the wild" -- being actively used in attacks -- on his blog on Thursday.
Attackers are using such exploits to silently install malware on the computers of users who visit compromised websites, in what are known as drive-by download attacks.
The researcher is sharing samples of the exploit with security companies only. "This could be mayhem," he said. "I think it's better to make some noise about it."
"We can confirm that this is a new vulnerability," said Bogdan Botezatu, a senior e-threat analyst at antivirus vendor Bitdefender, via email. "We reproduced the exploitation mechanism on Java 1.7 Update 9 and Update 10. Other versions may be vulnerable as well, we're currently analyzing whether other older updates are vulnerable."
As far as Bitdefender's tests showed, the exploit is specific to Java 7, Botezatu said.
Researchers from security firm AlienVault also confirmed that the exploit works against a fully patched installation of Java 7. The exploit uses similar tricks to bypass Java security restrictions as a different Java exploit that was used by cybercriminals in August 2011, Jaime Blasco, manager of the AlienVault Labs, said Thursday in a blog post.
The exploit has already been added to the popular Blackhole exploit toolkit used by cybercriminals, as well as to Cool Exploit Kit, a more exclusive spin-off of Blackhole, Botezatu said. "Other reports mention that it has also made it in Redkit [a different exploit toolkit], but we can't confirm the information at the moment."
"I've seen samples from Cool EK [exploit kit] and Blackhole EK but it seems it has been also included into Nuclear Pack and Redkit," Jaime Blasco, manager of the AlienVault Labs, said via email. Blasco believes that an exploit will also be added to the popular open source Metasploit penetration testing tool soon, as happens with most zero-day exploits -- exploits for unpatched vulnerabilities.
Using packet captures for the traffic associated with the new Java exploit, Bitdefender researchers were able to trace back some attacks to Jan. 7. However, the company's researchers believe that the attacks probably started on Jan. 2 or 3, Botezatu said.
"The 0-day attack code that was spotted in the wild today is yet another instance of Java security vulnerabilities that stem from insecure implementation of the Java Reflection API," said Adam Gowdiak, the founder of Security Explorations, a Polish security company that specializes in Java vulnerability research.
- Best iPhone, iPad Business Apps for 2014
- 14 Tech Conventions You Should Attend in 2014
- 10 Desktop Apps to Power Your Windows PC
- How to Add New Job Skills Without Going Back to School
- Slideshow: 7 security mistakes people make with their mobile device
- iOS vs. Android: Which is more secure?
- 11 sure signs you've been hacked
- The Threat Landscape Hardly a day goes by without the discovery of a new cyberthreat somewhere in the world! But how do you keep up with...
- Security for Virtualization In the rush to implement virtualization, security has become second. So while the business benefits are clear, the risks are less well documented...
Red Hat Enterprise Linux - The Original Cloud Operating System
Linux adoption is growing against a number of measures, such as the
number of supercomputers that run Linux and the size of the contributing...
- OpenStack Hype vs. Reality: CIO Quick Pulse Open-source architecture can enable IT departments to build infrastructure-as-a-service (IaaS) clouds running on standard hardware.
- Webinar: Building a Big Data solution that's production-ready Big data solutions are no longer just a nice-to-have.
- Meg Whitman presents Unlocking IT with Big Data During this Web Event you will hear Meg Whitman, President and CEO, HP discuss HAVEn - the #1 Big Data platform, as well... All Malware and Vulnerabilities White Papers | Webcasts