All the latest UK technology news, reviews and analysis

Zero-day attack prompts renewed calls to give Java the boot

11 Jan 2013
Java logo

The outbreak of yet another Java zero-day attack has led security experts to once again advise users to disable the platform.

A ransomware Trojan known as Reveton has been connected with the unpatched exploit. After targeting the Java flaw, the attack then installs the malware, which forces users to pay a fee in order to recover their data.

Researchers with Trend Micro have already spotted the flaw in use with two of the most popular automated exploit kits: Blackhole and the Cool Exploit Kit.

The attack has caused a number of vendors and security groups, including Trend Micro, to consider disabling Java altogether. The platform is considered to be among the most popular targets for automated exploits and malware install attempts.

"To prevent this exploit, and subsequently the related payload, we recommend users to consider if they need Java in their systems," the company said in its advisory.

"If it is needed, users must use the security feature to disable Java content via the Java Control Panel, that shipped in the latest version of Java 7."

This is not the first time experts have asked users to consider disabling Java as a security measure. Last year, the disclosure of a similar zero-day exploit and subsequent malware attacks plagued users and drove many to disable the component altogether.

Last November, Kaspersky Lab reported that Java was the single most popular target for online exploits.

According to Symantec, the attack could be the first in a string of similar operations.

 "There has been a lot of coverage of late in relation to the Cool Exploit Kit author (supposedly the same author as the Blackhole exploit kit) having a large budget for buying up new zero-days," Symantec researchers explained.

"If this is the case, this may be the first zero-day in a string of zero-days to come from the Cool Exploit Kit."

Oracle has yet to give word on a possible patch or workaround for the flaw.

  • Comment  
  • Tweet  
  • Google plus  
  • Facebook  
  • LinkedIn  
  • Stumble Upon  
Shaun Nichols

Shaun Nichols is the US correspondent for He has been with the company since 2006, originally joining as a news intern at the site's San Francisco offices.

More on Security
What do you think?
blog comments powered by Disqus

Work location poll - office, remote or home?

Where do you spend most time working on your primary work device?

Popular Threads

Powered by Disqus
LG G Flex 2 hands-on review

CES 2015: LG G Flex 2 video

A closer look at LG's latest curved-screen smartphone

Updating your subscription status Loading

Get the latest news (daily or weekly) direct to your inbox with V3 newsletters.

newsletter sign-up button

Beacon technology: what are the opportunities and how does the technology work?

This paper seeks to provide education and technical insight to beacons, in addition to providing insight to Apple's iBeacon specification


Converting big data and analytics insights into results

Successful leaders are infusing analytics throughout their organisations to drive smarter decisions, enable faster actions and optimise outcomes

Project Manager / Technical Project Manager - (Prince 2, ERP, MS Project, ISO, PPI)

Project Manager / Technical Project Manager - (Prince...

Software QA Tester - No.1 Online Video Gaming Tech Provider

Software QA Tester - No.1 Online Video Gaming Tech Provider...

Development Team Leader - Sage One

What's it all about? Sage One is designed specifically...

CRM System Support & Development Manager

At the University of Derby, people are at the heart of...
To send to more than one email address, simply separate each address with a comma.