All the latest UK technology news, reviews and analysis


Zero-day attack prompts renewed calls to give Java the boot

11 Jan 2013
Java logo

The outbreak of yet another Java zero-day attack has led security experts to once again advise users to disable the platform.

A ransomware Trojan known as Reveton has been connected with the unpatched exploit. After targeting the Java flaw, the attack then installs the malware, which forces users to pay a fee in order to recover their data.

Researchers with Trend Micro have already spotted the flaw in use with two of the most popular automated exploit kits: Blackhole and the Cool Exploit Kit.

The attack has caused a number of vendors and security groups, including Trend Micro, to consider disabling Java altogether. The platform is considered to be among the most popular targets for automated exploits and malware install attempts.

"To prevent this exploit, and subsequently the related payload, we recommend users to consider if they need Java in their systems," the company said in its advisory.

"If it is needed, users must use the security feature to disable Java content via the Java Control Panel, that shipped in the latest version of Java 7."

This is not the first time experts have asked users to consider disabling Java as a security measure. Last year, the disclosure of a similar zero-day exploit and subsequent malware attacks plagued users and drove many to disable the component altogether.

Last November, Kaspersky Lab reported that Java was the single most popular target for online exploits.

According to Symantec, the attack could be the first in a string of similar operations.

 "There has been a lot of coverage of late in relation to the Cool Exploit Kit author (supposedly the same author as the Blackhole exploit kit) having a large budget for buying up new zero-days," Symantec researchers explained.

"If this is the case, this may be the first zero-day in a string of zero-days to come from the Cool Exploit Kit."

Oracle has yet to give word on a possible patch or workaround for the flaw.

  • Comment  
  • Tweet  
  • Google plus  
  • Facebook  
  • LinkedIn  
  • Stumble Upon  
Shaun Nichols
About

Shaun Nichols is the US correspondent for V3.co.uk. He has been with the company since 2006, originally joining as a news intern at the site's San Francisco offices.

More on Security
What do you think?
blog comments powered by Disqus
Poll

Tech gifts for Christmas 2014

Is a new tablet on your wish list this festive season, or have they become yesterday’s fad?
12%
22%
14%
7%
45%

Popular Threads

Powered by Disqus
iPhone 6 is available in silver gold and space grey

iPhone 6 video review

The best iOS handset to date

Updating your subscription status Loading
Newsletters

Get the latest news (daily or weekly) direct to your inbox with V3 newsletters.

newsletter sign-up button
hpv3may

Getting started with virtualisation

Virtualisation can help you reduce costs, improve application availability, and simplify IT
management. However, getting started can be challenging

ibmv3may

Converting big data and analytics insights into results

Successful leaders are infusing analytics throughout their organisations to drive smarter decisions, enable faster actions and optimise outcomes

Oracle 11g SQL 2008 Developer (Unix, Oracle RAC, Mirroring)

Oracle 11g SQL 2008 Developer (Unix, Oracle RAC, Mirroring...

Front Office Developer (Excel VBA, C#, Derivatives, Trading flo

Front Office Developer (Excel VBA, C#, Derivatives, Trading...

Telecoms Principal Consultant

Our client is one of the globes leading Technology and...

Application Support

Technical Consultant / Application Support Commodity...
To send to more than one email address, simply separate each address with a comma.