Java 7 Zero-Day Exploit Used to Distribute Reveton Ransomware

The best way for users to protect themselves is to disable Java

By Eduard Kovacs on January 11th, 2013 12:30 GMT

The recently discovered Java 7 zero-day exploit has been utilized to spread variants of the Reveton ransomware, according to experts from security firm Trend Micro.

This doesn't come as a surprise, considering that the exploit is said to be contained in the new Cool Exploit Kit, which is mainly utilized to spread such threats.

Trend Micro has already updated its products to detect not only the webpages that load the exploit code, but also the payloads they serve.

Other security solutions providers will likely do the same, if they haven’t done so already. However, the best way for users to protect themselves against the threat is by disabling or completely removing Java.

US-CERT has also issued an advisory warning users about the vulnerability, and it recommends disabling Java until a proper patch is issued.

Earlier today, our friends from Security Explorations revealed that this issue would not exist in the first place if Oracle had properly addressed a vulnerability (Issue 32) they reported to the company back in August 2012.

“This is not the first time Oracle fails to ‘sync’ security of Core and new Reflection APIs. Just to mention the Reflection API filter,” Adam Gowdiak, CEO of Security Explorations, told us in an email.

“This is also not the first time Oracle's own investigation / analysis of security issues turns out to be not sufficiently comprehensive. Just to mention Issue 50, which was discovered in the code addressed by the company not so long ago.”

It remains to be seen whether Oracle will release a hotfix for this issue. However, it’s unlikely, especially if we consider that they still haven’t addressed the vulnerability that affects Java 5, 6 and 7, not even after experts demonstrated that it would only take them around 30 minutes to do so.