Wednesday, April 14, 2010

Dangerous Java flaw being exploited in the wild

Just one more reason to use DropMyRights (there is a good 3-part write-up on it here) to run any Internet-facing application like browsers, email, music players, and so forth, and why you should use Firefox with NoScript and AdBlock Plus as your primary browser. Of course, you could also run as a Limited User, which is what I do on my home computer, but business users often have software which requires administrator rights on XP. Anyway, I recommend Firefox+NoScript or disabling Java until this is fixed.

Java zero-day flaw under active attack | Zero Day
Just days after Google researcher Tavis Ormandy released details on a dangerous new Java vulnerability, malicious hackers have pounced and are exploiting the flaw in the wild to launch drive-by download attacks.

Virus hunters have spotted the attacks on a popular song lyrics Web site. Any visitor to that Web site with the Java Plugin for Browsers installed (Internet Explorer or Firefox) will get infected with malware.

According to AVG’s Roger Thompson, the attacks are likely to spread because of the simplicity in launching a successful exploit: ....

Unpatched Java Exploit Spotted In-the-Wild — Krebs on Security
Last week, a Google security researcher detailed a little-known feature built into Java that can be used to launch third-party applications. Today, security experts unearthed evidence that a popular song lyrics Web site was compromised and seeded with code that leverages this Java feature to install malicious software.

On April 9, Google researcher Tavis Ormandy posted to the FullDisclosure mailing list that he’d discovered he could abuse a feature in Java to launch arbitrary applications on a Windows PC using a specially-crafted Web site. Ormandy said the feature had been included in every version of Java since Java 6 Update 10, and was intended as a way to make it easier for developers to distribute their applications. Along with that disclosure, Ormandy published several examples of how attackers might use this functionality in Java to load malicious applications onto a user’s system.

As of this morning,, a site that according to traffic analysis firm receives about 1.7 million visits each month, was loading code from, a Russian Web site with a history of pushing rogue anti-virus.
