Researchers warn of new Java exploit being used by attackers
The new exploit affects the latest versions of Java 7 and Java 6, FireEye researchers warn
IDG News Service - A new exploit for a previously unknown and unpatched Java vulnerability is being actively used by attackers to infect computers with malware, according to researchers from security firm FireEye.
"We observed successful exploitation against browsers that have Java v1.6 Update 41 and Java v1.7 Update 15 installed," FireEye researchers Darien Kindlund and Yichong Lin said Thursday in a blog post.
In the attacks analyzed by FireEye, the exploit is being used to download and install a remote access tool (RAT) called McRAT. This type of malware is frequently used in targeted attacks, but FireEye did not disclose any information about who is being targeted.
A screen shot of the exploit's traffic published by the company reveals that the malware is being downloaded from a Japanese website as a .jpg file, although the extension is probably fake and used as a diversion.
The new exploit is not very reliable because it tries to overwrite a big chunk of memory in order to disable Java security protections, the FireEye researchers said. Because of this, in some cases the exploit successfully downloads the malware, but fails to execute it and results in a Java Virtual Machine (JVM) crash.
Security researchers from antivirus vendor Kaspersky Lab confirmed Friday that the exploit works against Java 7 Update 15, which is the most recent version of Java, but said that it fails on older versions, like Java 7 Update 10. The attack appears to be a targeted one, said Costin Raiu, director of Kaspersky's global research and analysis team, but he had no additional information to share.
News of this zero-day -- previously unknown -- Java exploit comes days after researchers from Polish vulnerability research firm Security Explorations found and reported two new Java vulnerabilities to Oracle.
The exploit reported by FireEye seems to target a memory corruption vulnerability that's different from what Security Explorations found, Adam Gowdiak, the founder of Security Explorations, said Friday via email.
"We try to avoid [researching] memory corruption vulnerabilities in Java as they are not that powerful as pure Java level bugs," Gowdiak said. Only one of the 55 Java security issues reported by Security Explorations to Oracle in the past year was a memory corruption vulnerability, he said.
Gowdiak believes that the recent security breaches at Twitter, Facebook, Apple and Microsoft that resulted from an attack using a different Java zero-day exploit, might have triggered additional interest in Java bugs from attackers.
"We have notified Oracle and will continue to work with Oracle on this in-the-wild discovery," the FireEye researchers said. "Since this exploit affects the latest Java 6u41 and Java 7u15 versions, we urge users to disable Java in your browser until a patch has been released; alternatively, set your Java security settings to 'High' and do not execute any unknown Java applets outside of your organization."
- Silicon Valley's 19 Coolest Places to Work
- Is Windows 8 Development Worth the Trouble?
- 8 Books Every IT Leader Should Read This Year
- 10 Hot Hadoop Startups to Watch
- Slideshow: 7 security mistakes people make with their mobile device
- iOS vs. Android: Which is more secure?
- 11 sure signs you've been hacked
- Infographic: Converged Infrastructure Benefits This Infographic quantifies the savings organizations are realizing from increased deployment speed, higher availability, and lower annual costs.
- CIOs Deliver Productivity Breakthroughs with Intelligent Digital Signage Retailers have long recognized the influence that digital signage provides over a shopper's point-of-purchase decision making process.
- Going Paperless? Here's What You Need to Think About As makers of some of the world's most popular PDF solutions, we often consult with businesses & governmental agencies that have the goal...
- The Big Data Opportunity for HR and Finance If CEOs, CFOs, CIOs, and CHROs want to drive their businesses forward, they will need to quickly recognize the enormous value of big...
- Building Tomorrow's Infrastructure Listen to this podcast to discover how Crider Foods worked with PC Connection to update their IT infrastructure, while maintaining compliance and control.
Enhance Your Virtualization Infrastructure With IBM and Vmware
Date: Wednesday, May 14, 2014, 1:00 PM EDT
Virtualization technology is now expanding beyond the server compute elements to encompass networking and storage...
All Cyberwarfare White Papers |