Posts tagged #Java

Mac OSX Java Malware: OSX/Flashfake.c

This Trojan is installed by exploiting a flaw in Oracle Java (CVE-2012-0507). The Mac OS X-based malware masquerades as an Adobe Flash Player installer.

Upon infection the malware installs fake/rogue security software and allows for the downloading of additional malicious components, exfiltration of sensitive data, and other malicious control methods.

Infected hosts report back to an external server and can receive further instructions/payloads via that channel (C&C / bot-based control). CVE-2012-0507 is an Oracle Java vulnerability, which was patched by Apple (as a third-party component) in April 2012.

Therefore, make sure your OSX software is up to date.


Posted on April 7, 2012.

Lady Gaga and Rihanna lyrics sites used to spread Java malware

It seems as though a vulnerability in Sun Java (which Sun apparently says isn't bad enough to patch out of band!) has already been exploited, whereby visitors to some lyrics sites are automatically infected.

It appears as though Macs are not affected.

Please be aware and pass on to anybody who frequents these sites.

Here's a blog post by Roger Thompson of AVG:

"Heads up - 0day ITW - Rihanna is a lure

Hi folks,

On April 9th, Tavis Ormandy published a proof of concept about how to use the latest version of Java to compromise a PC. You can read about it here. He notified Sun, but they weren't concerned enough to break their patch cycle, so he published the code.

The problem is that when Sun released Java 6, update 10 in April 2008, they introduced a new feature (it's not a bug, it's a feature folks) called Java Web Start. In order to make it easier for developers to install software, they created a method to execute a program from a website.

Duh

Now, hindsight is always 20-20, but it doesn't take a massive gift of insight to imagine the Bad Guys thinking that was a good idea for them too.

Because they designed it as a feature, it works, of course, with both IE and Firefox.

The code involved is really simple, and that makes it easy to copy, so it's not surprising that just five days later, we're detecting that code at an attack server in Russia.

The main lure so far seems to be a song lyrics publishing site, with Rihanna, Usher, Lady Gaga and Miley Cyrus being used, among others. Who'd have thought that Miley could be dangerous??? As soon as we figure out what's wrong with the lyrics site, we'll let them know so they can fix it.

Of course, this'll soon likely be everywhere, so Sun will need to issue an out of band patch.

In the meantime, to stay safe, you can either follow the mitigation strategies outlined by Tavis, or install LinkScanner.

So far, it's not in any of the exploit kits, as far as we can see, but it's a given that it soon will be. Tick.. tick.. tick..."

And a page about it at SC Magazine.

Posted on April 15, 2010.