We all see the reminders to update Adobe Reader, Adobe Flash, and Java frequently. There is good reason not to put this task off: The trusted researchers at AV-TEST Institute found that 66 percent of affected Windows systems are victims of malware that took advantage of exploits found in Reader, Flash, and Java.
During the 10-year study, they found that Adobe Reader has nearly 37,000 recorded variants that exploit user machines with “high levels of precision.” Java gets the top spot for exploit attacks with a whopping 82,000 attack variations available against the multiple versions of software on 3 billion devices worldwide.
Can I just stop using Java or Flash?
Does avast! Antivirus provide protection?
Several days ago we received a complaint about javascrpt.ru. After a bit of research, we found that it tries to mimic ajax.google.com and jquery, but the code is an obfuscated/packed redirector.
After removing two layers of obfuscation, we found a list of conditions checking visitors’ user Agent. From these conditions. we got a clue and focused on mobile devices.
A serious new vulnerability notice about Java exploits has been issued by the Department of Homeland Security’s Cybersecurity Division. Java 7 Update 10 and earlier contain a vulnerability that can allow a remote attacker to execute malware on vulnerable systems.
A French researcher called Kafeine discovered that a number of websites using the exploit are able to download files directly to the victim’s computer, and execute actions such as installing ransomware. “Hundreds of thousands of hits daily where i found it,” he wrote on his blog. “This could be a mayhem.”
Disable Java in web browsers
Some webpages may include content or apps that use the Java plug-in. There is no fix for this yet, so it is recommended that you protect yourself by disabling Java in your particular browser. Please see our previous blog How do I disable Java in my browser for instructions.
For a higher level of security, it is possible to entirely prevent any Java apps from running in a browser by de-selecting Enable Java content in the browser in the Java Control Panel under the Security tab. Disabling Java through the Java Control Panel will disable Java in all browsers.
Thanks for reading the avast! blog. As Jiri Sejtko described in our blog today, serious security flaws in Java version 7 allow hackers to take control of PCs and Macs. The Avast Virus Lab is releasing generic detections and using behavioral and dynamical detection mechanisms to protect our users, however they also recommend that you disable Java in your browsers. The Virus Lab explains the exploit in details on our blog, and here are instructions on how to unplug Java from different browsers.
For Windows: go to Start > Control Panel, click the Uninstall a program link. Find Java on the list of programs. If you have version 7, uninstall it.
For Mozilla Firefox: From the main menu select Tools > Add-ons. In the Add-on management window, choose Plugins. Find any plugins on the list that say Java and click the Disable button. Restart Firefox.
For Google Chrome: Type “chrome://plugins/” (minus the quotes) into the browser address bar. Find any plugins on the list that say Java and click the Disable button.
For Internet Explorer: I have been told that disabling Java in IE is complicated. The U.S. Computer Emergency Response Team (USCERT) has some steps here. This may be a good time to switch to a different browser.
For Safari: Click Preferences > Security tab > uncheck the Enable Java option.
For Opera: Type “opera:plugins” (minus the quotes) into the browser’s address bar. Find any plugins on the list that say Java and click the Disable button.
For OS X 10.7 and 10.8: go to Macintosh HD/Library/Java/JavaVirtualMachines/ and remove the 1.7.0.jdk file. Older versions of OS X run Java 6.
Also, make sure that you have up-to-date avast! antivirus protection because avast! detects the latest Java zero day exploit in real time as Java:Dong-A [Expl] . We would appreciate your recommendation as well. We make it easy to share with your Facebook friends via our Recommend avast! app. Thank you!
edit: added Opera instructions
New vulnerabilities in the Oracle’s Java Runtime Environment (JRE) have been recently discovered in the wild (first vulnerability originally reported by Fireeye, the second described by Esteban Guillardoy). The vulnerabilities targets newest version of JRE (1.7) and even with the latest update (JRE 1.7 update 6) your machine is in danger and easily exploitable. According to the Oracle’s patching cycle the patch is out of sight. So scary and Java again! But it is even worse!
The most successful exploit kit has quickly adopted these bugs which was predicted by the Brian Krebs earlier. So, all the current Blackhole campaigns use these exploits in order to infect victims. In addition, the exploitation is confirmed to work using Internet Explorer, Firefox, Opera, Google Chrome and also Safari on multiple platforms including Windows, Linux and MacOS.
Do you really think this can’t be worse? Oracle knew about these (and also other) vulnerabilities since April according to the Adam Gowdiak, the founder and CEO of Polish security firm Security Explorations.