- dotTech - http://dottech.org -

New Java zero-day exploit hits the internet, is “massively exploited in the wild” — disable Java now!

java_zero_day_exploit_map [1]

So you thought Java [2] season was over, eh? Wrong! It is still open season on Java and a brand new, previously unknown bug has been discovered in Java that allows scumbags to install malware on the computers of netizens.

It isn’t entirely clear how this exploit is conducted but it has been tested and confirmed to work on all versions of Java 7 (including the latest Java 7u10); it may or may not work on earlier versions of Java. It is also confirmed that this exploit has already been introduced in the wild; the exploit has been added to crimeware packs ‘Blackhole’, ‘Redkit’, ‘Nuclear Pack’, and ‘Metasploit’ and multiple websites are already using it, leading a security expert to proclaim it is “massively exploited in the wild”. And according to Kaspersky, even “ads from legitimate sites, especially in the UK, Brazil, and Russia, [are] redirecting to domains hosting the current Blackhole implementation delivering the Java 0day. These sites include weather sites, news sites, and of course, adult sites.”

Update: It has been confirmed this vulnerability is present in all current versions of Java, from Java 4 to Java 7.

If you have Java installed and you visit a website that is employing this exploit, you will be prompted to run a Java applet; if you run the applet, you will be infected. Once infected, your computer is open for scumbags to remotely install malware, such as keyloggers. Once malware is installed, you are at their mercy.

It isn’t entirely clear if this exploit is Windows-only or affects Max OS X and Linux, too. Seeing as Java is cross-platform, my guess is this probably affects Windows, Mac OS X, and Linux.

Since this is a new zero day exploit that has not been patched by Oracle yet, the only way to stay safe is to uninstall or disable Java. If you are not sure how to uninstall or disable Java, read the following guides by dotTech:

Stay safe everyone!

[via Ars Technica [5], Sophos [6], Kaspersky [7]]