by Shaun Nichols
11 Jan 2013
The outbreak of yet another Java zero-day attack has led security experts to once again advise users to disable the platform.
A ransomware Trojan known as Reveton has been connected with the unpatched exploit. After exploiting the Java flaw, the attack installs the malware, which forces users to pay a fee to recover their data.
Researchers with Trend Micro have already spotted the flaw in use with two of the most popular automated exploit kits: Blackhole and the Cool Exploit Kit.
The attack has led a number of vendors and security groups, including Trend Micro, to recommend that users consider disabling Java altogether. The platform is considered to be among the most popular targets for automated exploits and malware install attempts.
"To prevent this exploit, and subsequently the related payload, we recommend users to consider if they need Java in their systems," the company said in its advisory.
"If it is needed, users must use the security feature to disable Java content via the Java Control Panel, that shipped in the latest version of Java 7."
This is not the first time experts have asked users to consider disabling Java as a security measure. Last year, the disclosure of a similar zero-day exploit and subsequent malware attacks plagued users and drove many to disable the component altogether.
Last November, Kaspersky Lab reported that Java was the single most popular target for online exploits.
According to Symantec, the attack could be the first in a string of similar operations.
"There has been a lot of coverage of late in relation to the Cool Exploit Kit author (supposedly the same author as the Blackhole exploit kit) having a large budget for buying up new zero-days," Symantec researchers explained.
"If this is the case, this may be the first zero-day in a string of zero-days to come from the Cool Exploit Kit."
Oracle has yet to give word on a possible patch or workaround for the flaw.