UPDATED 14:46 EST / SEPTEMBER 03 2012

Vulnerable Java Coats PCs in Poison Ivy, Zero-Day Exploits Abound

Poison Ivy, a common backdoor Trojan that has been infecting computers for some time, is being delivered by the chemical-industry ‘Nitro’ hackers via the currently vulnerable Java. Team Nitro, the group behind last year’s industrial espionage attacks, is again using holes in Oracle’s Java software to install Poison Ivy on victims’ Windows machines. The activity was detected by Symantec, which last year uncovered a string of cyber attacks against 48 companies in the chemical and military industries.

According to Symantec’s findings, the group uses a malicious Java applet that bypasses security checks to execute the Poison Ivy malware, which opens a backdoor on infected PCs and allows a remote attacker to gain control of the system. Nitro attackers began sending out emails to their targets with direct links to Poison Ivy executables in early August 2012. Attackers also spread the malware simply by tricking users into visiting booby-trapped websites, where malicious code is loaded onto vulnerable computers without user interaction.

The recent wave of attacks, which was found to use the same command servers and components with the same file names as last year’s assault, also brought another vulnerability into play. In this attack, the Java zero-day exploits were acquired from a Chinese exploit pack known as Gondad or KaiXin (similar to Nitro’s attacks) and incorporated into criminal operations using the BlackHole Exploit Kit. The flaw these exploits target was introduced in Java 7.0, which means that all versions of Java 7 are vulnerable, while older Java 6 versions appear to be immune. This means that Mac OS X users who apply the latest versions of software applications are actually more at risk of attack.

In short, the most recent version of Java faces a twofold threat: the zero-day exploit itself, and its incorporation into the Blackhole Exploit Kit.

Sean Sullivan, a security adviser at F-Secure, commented: “The perpetual vulnerability machine that is Oracle’s Java Runtime Environment (JRE) has yet another highly exploitable vulnerability (CVE-2012-4681). And it’s being commoditised at this very moment. There being no latest patch against this, the only solution is to totally disable Java.”

The best thing users can do to prevent the attack is to disable Java in their web browsers, the most obvious attack route. When Java is disabled in Chrome, for example, it is still possible to enable it for specific sites that the user trusts. This is a useful exception for banking and other similar sites that require Java.
