All the latest UK technology news, reviews and analysis


Zero-day attack prompts renewed calls to give Java the boot

11 Jan 2013
Java logo

The outbreak of yet another Java zero-day attack has led security experts to once again advise users to disable the platform.

A ransomware Trojan known as Reveton has been connected with the unpatched exploit. After targeting the Java flaw, the attack then installs the malware, which forces users to pay a fee in order to recover their data.

Researchers with Trend Micro have already spotted the flaw in use with two of the most popular automated exploit kits: Blackhole and the Cool Exploit Kit.

The attack has caused a number of vendors and security groups, including Trend Micro, to consider disabling Java altogether. The platform is considered to be among the most popular targets for automated exploits and malware install attempts.

"To prevent this exploit, and subsequently the related payload, we recommend users to consider if they need Java in their systems," the company said in its advisory.

"If it is needed, users must use the security feature to disable Java content via the Java Control Panel, that shipped in the latest version of Java 7."

This is not the first time experts have asked users to consider disabling Java as a security measure. Last year, the disclosure of a similar zero-day exploit and subsequent malware attacks plagued users and drove many to disable the component altogether.

Last November, Kaspersky Lab reported that Java was the single most popular target for online exploits.

According to Symantec, the attack could be the first in a string of similar operations.

 "There has been a lot of coverage of late in relation to the Cool Exploit Kit author (supposedly the same author as the Blackhole exploit kit) having a large budget for buying up new zero-days," Symantec researchers explained.

"If this is the case, this may be the first zero-day in a string of zero-days to come from the Cool Exploit Kit."

Oracle has yet to give word on a possible patch or workaround for the flaw.

  • Comment  
  • Tweet  
  • Google plus  
  • Facebook  
  • LinkedIn  
  • Stumble Upon  
Shaun Nichols
About

Shaun Nichols is the US correspondent for V3.co.uk. He has been with the company since 2006, originally joining as a news intern at the site's San Francisco offices.

More on Security
What do you think?
blog comments powered by Disqus
Poll

BYOD vs CYOD vs BYOC poll

Which approach is your firm taking to managing employees' mobile devices?
23%
14%
4%
17%
30%
12%

Popular Threads

Powered by Disqus
Sony Xperia Z2 smartphone running Android KitKat 4.4

Sony Xperia Z2 video

We test out the latest Android KitKat flagship from Sony

Updating your subscription status Loading
Newsletters

Get the latest news (daily or weekly) direct to your inbox with V3 newsletters.

newsletter sign-up button
hpv33

Data protection: the key challenges

Deduplication is a foundational technology for efficient backup and recovery

rdc2

iPad makes its mark in the enterprise

The iPad can become a supercharged unified communications endpoint, allowing users to enhance their productivity

C++ Games Software Developer - 3D Engine / Graphics

C++ Games Software Developer - Expanding Studio An...

Software Development Engineer

Develop: Customise: Configure. Maximise your technical...

Junior Service Desk Analyst

Job Title: Junior Service Desk Analyst About Us...

Senior Analyst Programmer (Application Development) X2

Senior Analyst Programmer (Application Development) X2...
To send to more than one email address, simply separate each address with a comma.