Java Exploited

Java the most popular computer software that runs on almost on every application platforms from embedded devices and mobiles phones to enterprise servers and supercomputers. Though it is the most popular software It is no longer safer, as recently a zero-day vulnerability has been discovered in almost all of the current version of Oracle’s Java software leaving millions and billions of MAC and PC users at risk.

Cyber criminals are using this vulnerability to exploit billions of users by installing malware on the MAC and PCs. Security researchers at Trend Micro have claimed that this vulnerability has affected the latest version of Java and the older versions of Java 1.6 and Java 1.7 are not affected by this zero-day exploit.

According to the researchers, the URLs hosting this zero-day exploit is somewhat similar to the URLs seen in the attack launched by the Pawn Storm that targeted the NATO (North Atlantic Treaty Organization) members and White House in April 2015. And this can be sure that cyber criminals will be again trying to target the defence agencies and NATO members with the help of this new zero-day exploit.

So far the technical details of the exploit have not been disclosed in the public and the patch has also not been released by the company. While the company has confirmed to release the patch for the vulnerability but has not provided any timeline for this patch as to when the patch will be out.

Cyber criminals are targeting their victims by sending out the email messages by spreading the malicious link that hosts zero-day exploit. Once clicked on the malicious link, the exploit code delivers the Trojan dropper, TROJ.DROPPR_CXC, that drops a payload known as TSPY_FAKEMS.C to the login user folder.

And once exploited it executes the arbitrary code on the default Java settings thus comprising the overall security of the system.

[SOURCE: Trend Micro]