
Attackers Target Networks With Zero-Day Java Flaw

Security firms warned business users and consumers to remove Java if possible, after one company identified an attack against its customers using a previously unknown vulnerability in Java.

On 24 August, threat-protection firm FireEye stopped an attack targeting the flaw and over the weekend confirmed that the security issue was previously undiscovered. The attack exploited the vulnerability in the latest version of the software platform, Java 7, and can execute on Windows, Mac OS X and Linux, said Atif Mushtaq, a senior staff scientist with FireEye.

Silent attack

FireEye and other security firms have discovered that the attack is quite silent.

“Unlike other exploits, which, when they run, crash your browser and give you a feeling that something is wrong, this attack really works silently,” Mushtaq said on 27 August. “Every big platform is really being targeted right now.”

Known for its cross-platform functionality and tagline “write once, run everywhere”, the Java software platform has become a very popular target of cybercriminals, with major exploit kits, such as Blackhole, including at least a handful of exploits that target Java vulnerabilities. The software’s widespread deployment, especially in enterprise environments, and the necessity of keeping older, vulnerable versions around for backwards compatibility give attackers an ideal environment to easily exploit targeted systems.

The failed attack, which led to the discovery of the vulnerability, attempted to install Poison Ivy, a rootkit that is well known but has also been used in some nation-state-related attacks. The attack emanated from servers in China, but experts are quick to point out that cyber-criminals utilise compromised servers in other countries to mislead investigators.

Mushtaq and other security researchers worried that Oracle, which took over the development of Java when it purchased Sun Microsystems, will delay releasing a patch until its regularly scheduled patch day on 16 October.

“Oracle almost never issues out-of-cycle patches but hopefully they will… consider it serious enough to do it this time,” Mila Parkour, co-founder of DeepEnd Research, stated in a blog post on 27 August.

Speed is critical

Speed is critical, because the exploit has already started appearing in many of the tools used by attackers and offensive security experts, such as penetration testers. The Metasploit Project, which manages the development of the tool of the same name, released a module on 26 August to exploit the vulnerability on all major platforms and browsers.

A beta version of the Blackhole exploit kit – a popular way for cybercriminals to compromise computers and manage the resulting botnets – has also included a version of the Metasploit attack.

After information on the attack came out, other security providers found signs of the attacks as well. Open-source security management provider AlienVault published details on 27 August of an attack similar to the one reported by FireEye. It also confirmed the link to the Poison Ivy rootkit.

“A module has just been published for Metasploit, so it is time to disable Java in all your systems,” the company stated. “And remember to search your logs for connections to the Domains/IPs related to this attack.”


Robert J Mullins, eWeek USA 2013. Ziff Davis Enterprise Inc. All Rights Reserved
