Featured Articles

KitKat has more than a fifth of Android users

KitKat has more than a fifth of Android users

Android 4.4 is now running on more than a fifth of Android devices, according to Google’s latest figures.

More...
Nvidia introduces five new Quadro cards

Nvidia introduces five new Quadro cards

Nvidia has revamped its Quadro professional graphics line-up with a total of five new cards, two of which are based on…

More...
AMD Tonga XT graphics cards come later

AMD Tonga XT graphics cards come later

According to sources who wish to remain unnamed, we should see an AMD Tonga XT-based graphics card launched sometime in September.

More...
Nvidia Maxwell Geforce 800 comes in September

Nvidia Maxwell Geforce 800 comes in September

Nvidia was always cautious when talking about upcoming Maxwell parts, the first of which was launched back in March and based…

More...
Aerocool Dead Silence reviewed

Aerocool Dead Silence reviewed

Aerocool is well known for its gamer cases with aggressive styling. However, the Dead Silence chassis offers consumers a new choice,…

More...
Frontpage Slideshow | Copyright © 2006-2010 orks, a business unit of Nuevvo Webware Ltd.
Tuesday, 14 May 2013 11:46

Java fast becoming an attack vector of choice

Written by Nick Farrell



Holy art thou

Microsoft research is showing that there has been a spike in malware targeting Java vulnerabilities since the third quarter of 2011. Much of the activity has focused on vulnerabilities which are already patched. This suggests that attackers are hitting vulnerabilities that are in multiple versions of Java, rather than just one specific version. Jeong Wook Oh of Microsoft said that in Q3 and Q4 of 2012 two new vulnerabilities, CVE-2012-4681 and CVE-2012-5076, were found. 

“But we didn’t observe any prevalence of Java malware abusing these newer vulnerabilities above malware abusing the older Java vulnerabilities, CVE-2012-0507 and CVE-2012-1723. The reason behind this might be that only Java 7 installations were vulnerable to CVE-2012-4681 and CVE-2012-5076, whereas CVE-2012-0507 and CVE-2012-1723 also target Java 6,” he said.

As there are still many users that use Java 6, the malware writers might have tried to target Java 6 installations by including older vulnerabilities in the exploit package. During 2012 there were two kinds of Java vulnerabilities one applied to both multiple versions of Java including Java 6 and 7, and the others only applies to Java 7.

“So when new vulnerabilities that are only applicable to Java 7 are discovered, the attacker’s strategy was usually to combine it with older vulnerabilities that cover more versions of Java. In that way, they could achieve more coverage than just using a single exploit in one package,” Oh said.

Of the four Java vulnerabilities from 2012 only one of which was a zero day vulnerablity. The other three flaws already had patches available when the malware targeting them appeared. The warning here is to install patches as soon as they come out.

Nick Farrell

E-mail: This e-mail address is being protected from spambots. You need JavaScript enabled to view it
blog comments powered by Disqus

 

Facebook activity

Latest Commented Articles

Recent Comments