New malware exploiting Java 7 in Windows, Unix systems

By Topher Kessler / CNET, January 12, 2013, 6:52 PM

A new Trojan horse, detected by Sophos as Mal/JavaJar-B, exploits a vulnerability in Oracle's Java 7 that is present even in the latest version of the runtime (7 Update 10).

Sophos describes the exploit as a zero-day: it was found in active use by malware before Oracle had a chance to investigate and patch the flaw. The vulnerability has been assigned the identifier CVE-2013-0422 and is still under review at the National Vulnerability Database, where the entry currently says little about it:

"Unspecified vulnerability in Oracle Java 7 Update 10 and earlier allows remote attackers to execute arbitrary code via unknown vectors, possibly related to "permissions of certain Java classes," as exploited in the wild in January 2013, and as demonstrated by Blackhole and Nuclear Pack."

So far the malware has been seen attacking Windows, Linux and Unix systems. It has not yet targeted OS X, but nothing prevents it from doing so: the flaw is in the cross-platform Java runtime rather than in the host operating system, and OS X is itself a Unix. The exploit has also been added to the competing Blackhole and Nuclear Pack exploit kits, which makes it trivial for criminals to deploy without writing any exploit code of their own.

Even though the exploit has not been seen on OS X, Apple has taken steps to block it by updating the plug-in block list in its built-in XProtect system: the current Java 7 web plug-in is now refused, and users must install a build (b19) of the runtime that Oracle has not yet released. In addition, US-CERT, part of the U.S. Department of Homeland Security, has issued an advisory recommending that users disable Java in their web browsers.

Users who need to keep Java installed can reduce their exposure with two settings in the latest versions of the runtime. Open the Java Control Panel that is installed along with the runtime and, in the Security section, uncheck "Enable Java content in the browser." This disables the browser plug-in, which is the path exploit kits use, so it prevents the inadvertent execution of exploits you may stumble upon while browsing the Web; it is the recommended setting for most people. Desktop Java applications still run, and if you need to see a Java applet on the Web you can temporarily re-enable the plug-in. Note that this only closes the drive-by path through the browser: a Java program you launch yourself runs with your full privileges regardless.

The second setting is the security level of the Java runtime, which is in the same Security section of the Java Control Panel. The default level is Medium, but you can raise it to High or Very High. At High, Java prompts for approval before running any unsigned Java code; at Very High, all Java code requires such approval, whether or not it is signed. Neither setting fixes the underlying flaw: an applet you approve can still exploit it, so treat the prompt as a last line of defense rather than a patch, and approve nothing you did not expect.
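The two checks above, the affected version range (7 Update 10 and earlier) and the two Control Panel settings, can be verified on a host without clicking through the GUI, because the Java Control Panel stores its settings in a plain-text deployment.properties file. The following Python script is an added example, not from the article or from Oracle: it parses a `java -version` banner and flags 7u10 and earlier, reads a deployment.properties file and reports whether the browser plug-in is still enabled or the security slider sits below High, and emits a hardened copy of the file. It assumes that the keys deployment.webjava.enabled and deployment.security.level are the ones the Control Panel writes for those two settings, and the sample banner and properties it ships with are constructed, not captured from a real machine.

```python
"""Audit a Java 7 install for the exposure described above.

Added example (not from the article or from Oracle).  Two checks:
  1. is the runtime reported by "java -version" 7 Update 10 or earlier,
     the range the NVD entry names as affected;
  2. does the user's deployment.properties disable the browser plug-in
     and set the security slider to High or Very High.
Assumptions: the Java Control Panel writes the two settings as the keys
deployment.webjava.enabled and deployment.security.level; the sample
banner and properties below are constructed, not captured from a host.
"""
import re

# First line of "java -version" output, e.g.  java version "1.7.0_10"
# (the update number is optional: the 7 GA release reports "1.7.0").
VERSION_RE = re.compile(r'java version "(\d+)\.(\d+)\.(\d+)(?:_(\d+))?"')

# Security slider values as stored in deployment.properties, lowest first.
LEVELS = {"LOW": 0, "MEDIUM": 1, "HIGH": 2, "VERY_HIGH": 3}

# Constructed sample input: a 7u10 host with the default settings.
SAMPLE_BANNER = (
    'java version "1.7.0_10"\n'
    'Java(TM) SE Runtime Environment (build 1.7.0_10-b18)\n'
    'Java HotSpot(TM) 64-Bit Server VM (build 23.6-b04, mixed mode)\n'
)
SAMPLE_PROPS = (
    "#deployment.properties\n"
    "deployment.version=7.10\n"
    "deployment.webjava.enabled=true\n"
    "deployment.security.level=MEDIUM\n"
)


def parse_java_version(banner):
    """Return (major, minor, patch, update) from a java -version banner, or None."""
    m = VERSION_RE.search(banner)
    if not m:
        return None
    major, minor, patch, update = m.groups()
    return int(major), int(minor), int(patch), int(update or 0)


def is_affected(version):
    """True for Java 7 Update 10 and earlier (1.7.0 through 1.7.0_10).

    Java 6 is deliberately not flagged: the CVE entry names Java 7 only."""
    if version is None:
        return False
    major, minor, _patch, update = version
    return (major, minor) == (1, 7) and update <= 10


def parse_properties(text):
    """Minimal reader for the key=value subset of java.util.Properties.

    Good enough for deployment.properties; it ignores escapes and
    backslash line continuations, which that file does not normally use."""
    props = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#!":
            continue
        key, sep, value = line.partition("=")
        if not sep:
            key, sep, value = line.partition(":")
        props[key.strip()] = value.strip()
    return props


def audit_deployment(props):
    """Findings for the two Control Panel settings; empty list means hardened."""
    findings = []
    # Missing key means the plug-in is enabled (the runtime's default).
    if props.get("deployment.webjava.enabled", "true").lower() != "false":
        findings.append("browser plug-in enabled")
    level = props.get("deployment.security.level", "MEDIUM").upper()
    if LEVELS.get(level, LEVELS["MEDIUM"]) < LEVELS["HIGH"]:
        findings.append("security level %s below HIGH" % level)
    return findings


def harden(props):
    """Copy of props with the plug-in off and the slider at Very High."""
    out = dict(props)
    out["deployment.webjava.enabled"] = "false"
    out["deployment.security.level"] = "VERY_HIGH"
    return out


def render_properties(props):
    """Serialize back to deployment.properties syntax (keys sorted for diffs)."""
    return "".join("%s=%s\n" % item for item in sorted(props.items()))


def audit(banner, properties_text):
    """Run both checks on one host; returns human-readable findings."""
    findings = []
    version = parse_java_version(banner)
    if version is None:
        findings.append("could not parse java -version output")
    elif is_affected(version):
        findings.append("Java %d.%d.%d_%d is within the affected range (7u10 and earlier)" % version)
    findings.extend(audit_deployment(parse_properties(properties_text)))
    return findings


if __name__ == "__main__":
    # On a real host feed it "java -version 2>&1" (the banner goes to stderr)
    # and the user's deployment.properties instead of the constructed samples.
    for finding in audit(SAMPLE_BANNER, SAMPLE_PROPS) or ["no findings"]:
        print(finding)
    print(render_properties(harden(parse_properties(SAMPLE_PROPS))), end="")
```

On Windows the per-user file is typically under %USERPROFILE%\AppData\LocalLow\Sun\Java\Deployment\deployment.properties, and on Linux under ~/.java/deployment/deployment.properties (assumed typical locations; check your own install). Writing the hardened copy back is equivalent to flipping the two controls in the Security tab, and is far easier to roll out across a fleet than clicking through each machine.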

Since the threat is Java-based, it affects only systems that have Java installed. Most platforms do not ship with Java, so if you installed it yourself and do not need or regularly use it, consider removing it. The same cross-platform convenience that helps legitimate developers lets malware authors reach multiple platforms with a single exploit.

This article originally appeared on CNET under the headline: "New malware exploiting Java 7 in Windows and Unix systems."

© 2013 CBS Interactive Inc. All Rights Reserved.

Topher Kessler

Topher, an avid Mac user for the past 15 years, has been a contributing author to MacFixIt since the spring of 2008. One of his passions is troubleshooting Mac problems and making the best use of Macs and Apple hardware at home and in the workplace.

Comments (13)
bettis007 says:
Yeah removing Java is the best way. Then disable it anywhere you can within your web browsers.

<a href="http://www.digitalrxcloud.com/blog/new-malware-exploiting-java-7-in-windows-and-unix-systems/" title="New Malware Exploiting Java 7 in Windows and Unix Systems">New Malware Exploiting Java 7 in Windows and Unix Systems</a>

Christopher Bettis
Digital Rx Cloud LLC
bettis007 says:
I just uninstalled all versions of Java altogether; for myself and all my customers! Great article. Thanks.

http://www.digitalrxcloud.com/blog/new-malware-exploiting-java-7-in-windows-and-unix-systems/
sallychicago says:
Just read the information on the internet on how to disable Java (not JavaScript). I just went through it for Chrome & IE9.
getrealcowboy says:
If this is so bad, how many people have gotten hurt? What have been the damages? How have virus protectors done against this? I have done nothing and I use my PC all the time and I have had no problems. I do not plan on turning anything off. If I get hit, I have other systems and this will be updated. I think this is just a fake. There may be some problems but there are new viruses every day in every system. Microsoft, Apple, Java, virus companies are always working on them. Disabling Java will only hurt the people dumb enough to do so.
getrealcowboy replies:
This is not set up to allow editing? Great! I had a spelling error.
Change think to thing. Add a comma after hit. This comment system needs work also. :)
blueflagpalmetto says:
Oh boy, I do not want to be in the dark age... disconnect Java from laptop and desktop? If so, how?? Help me, thank you.
foo8259 says:
Previous comments were erased? Anyway, pulled from the cloud: go to main Control Panel / Programs / Java / Java Control Panel / Advanced / Java Plug-in, then disable or uncheck "Next Generation Java Plug-in." Also, if available, set Java security to the highest available setting. Me? I just uninstalled Java from this Win 7 laptop.

Quite a drill down -- I hope this helps
Floopty says:
Good news is that Apple doesn't really support Java for this exact reason!... Steve Jobs stated this years ago.
foo8259 replies:
And that nasty, ad serving, FLASH!
breichart replies:
That's not why at all. They did it so they can keep a closed system on their devices and dictate what you can and can't have, to force you to buy from their store. It was not a good thing, but was a really bad thing. That was a BS excuse so that people like you would think they did it for the greater good. Not true at all.
BloodThirstySavage says:
If you think this has anything to do with disabling "scripts in your current browser" you might as well just go ahead and disable your Internet connection while you are at it. You probably shouldn't be using the Internet.
foo8259 replies:
Huh?
foo8259 says:
Disable all scripts in your current browser! As Steve Jobs once implied, "these are only used to serve ads and virus scripts; you don't need 'em."