Jump to content
Login with your Gmail HERE and start posting in seconds! ×

New Malware Exploiting Java 7 In Windows And Unix Systems

Maestro

By Maestro
in IT and Computers

 Share

Recommended Posts

ronz28 Gold Member

ronz28

Posted
Posted

I used one financial website application that wouldn't run for me now that I have uninstalled JAVA. Their website wanted to install the latest JAVA update to run their application, which I declined. Customer service wanted to assure me its safe since they use HTTPS. I doubt that would solve the JAVA security issue so I told them no thanks. Fortunately, they have a new application that uses Adobe Air to provide most of the same information. I hope its more secure than JAVA.

Link to comment
Share on other sites
draftvader Platinum Member

draftvader

Posted
Posted (edited)

I used one financial website application that wouldn't run for me now that I have uninstalled JAVA. Their website wanted to install the latest JAVA update to run their application, which I declined. Customer service wanted to assure me its safe since they use HTTPS. I doubt that would solve the JAVA security issue so I told them no thanks. Fortunately, they have a new application that uses Adobe Air to provide most of the same information. I hope its more secure than JAVA.

This site is a good place to start studying your software.

http://www.cvedetails.com/product/11602/Adobe-Adobe-Air.html?vendor_id=53

Edited by draftvader
  • Like 2
Link to comment
Share on other sites
  • 2 weeks later...
  • 3 weeks later...
  • 2 weeks later...
klikster Platinum Member

klikster

Posted
Posted

Hackers are exploiting a previously unknown and currently unpatched vulnerability in the latest version of Java to surreptitiously infect targets with malware, security researchers said Thursday night.

The critical vulnerability is being exploited to install a remote-access trojan dubbed McRat, researchers from security firm FireEye warned. The attacks work against Java versions 1.6 Update 41 and 1.7 Update 15, which are the latest available releases of the widely used software. The attack is triggered when people with a vulnerable version of the Java browser plugin visit a website that has been booby-trapped with attack code. FireEye researchers Darien Kindlund and Yichong Lin said the exploit is being used against "multiple customers" and that they have "observed successful exploitation."

The security of Java is reaching near-crisis levels as reports of new in-the-wild exploits have become an almost weekly occurrence over the past few months.

http://arstechnica.com/security/2013/03/another-java-zero-day-exploit-in-the-wild-actively-attacking-targets/

Link to comment
Share on other sites
Chicog Star Member

Chicog

Posted
Posted

I've been testing FireEye this week. It actually gives you a nice look at the infection vector.

A particular (and valid) site gets hacked and the hackers simply divert a link elsewhere so the website A/V doesn't pick it up.

It quietly downloads java to your PC and hey presto!

Really, just turn it off. It's beyond a ****ing joke.

Link to comment
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
 Share
Go to topic listing

  • Recently Browsing   0 members

    • No registered users viewing this page.










×
×
  • Create New...