security vulnerability Shutterstock - © Andy Dean Photography

Java Zero-Day Sees ‘Mass Exploit Distribution’

The flaw reported yesterday has already escalated and hit mass distribution

On by Thomas Brewster 0

Oracle isn’t being drawn into saying anything on a Java zero-day flaw that emerged yesterday, despite widespread adoption by exploit kits and evidence it is being used to serve up nasty malware.

Trend Micro said it believed the flaw had been integrated into hackers’ toolkits like Blackhole and  the Cool Exploit Kit, serving up the Reveton ransomware from compromised websites.

“Reveton is one of the most common ransomware threats in existence today; these lock user systems and show spoofed notifications from local police agencies,” Trend noted in a blog post.

“These inform users that to unlock their system, they must pay a fine ranging from $200 to $300.”

Zero-day exploits

Kaspersky said the the zero-day had seen “mass exploit distribution”. We have seen ads from legitimate sites, especially in the UK, Brazil, and Russia, redirecting to domains hosting the current Blackhole implementation delivering the Java zero-day,” wrote Kurt Baumgartner, Kaspersky Lab expert.

“These sites include weather sites, news sites, and of course, adult sites.”

Security researchers have advised users to disable Java or, if they need it to run, disable Java content via the Java Control Panel, which stops it running in webpages.

Meanwhile, the exploit module targeting the vulnerability has been uploaded to Metasploit, meaning pentesters and cyber crooks alike will be able to see what they can do with the flaw.

Oracle did not respond to a request for comment.

What do you know about online security? Try our quiz and find out!

Thomas Brewster

Author: Thomas Brewster

Security Correspondent, TechWeekEurope
Thomas Brewster Thomas Brewster Thomas Brewster
Techweekeurope for mobile devices
Android-App Google Currents App for iOS

Last comment




0 replies to Java Zero-Day Sees ‘Mass Exploit Distribution’

Leave a Reply

  • Required fields are marked *,
    Your email address will not be published.

You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <strike> <strong>