August 31, 2012

Java Zero-Day Exploit Spreads Through Email, Oracle Issues A Fix

Michael Harper for — Your Universe Online

Earlier this week, a zero-day vulnerability in Java was discovered, leaving both Mac and Windows users exposed to drive-by attacks as they surfed the web.

When it was first discovered, this flaw was being used to attack a Chinese web server and not much else. Many members of the hacking and security community got a hold of this Java exploit, however, making its use increasingly widespread. Not long after, the exploit was integrated into the BlackHole kit, a piece of hacking software which is sold in the seedy back alleys of the Internet.

Yesterday, the security experts at Sophos discovered the zero-day exploit is being used by many different criminal groups in malicious emails. Later in the day, Oracle suddenly released an emergency update to Java to address these exploits.

According to Sophos, these criminal groups are sending out messages in Dutch concerning an impending increase in the Value Added Tax (VAT) rate. Those users who are lured into clicking one of the links in the malicious email will have their machines instantly attacked by this exploit.

In one of their global spam traps used to collect such emails, Sophos was able to retrieve one of these messages. Purported to be from the Dutch branch of the BDO Stoy Hayward accountancy firm, the subject of the message reads:

“Let op! BTW tariefverhoging per 1 oktober 2012,” or, in English, “Attention! VAT rate increase per 1 October 2012.”

The email, which isn't actually from the accountancy firm, then goes on to discuss an increase in VAT. The email also contains a link which is said to direct users to a page prepared by the Ministry of Finance.

“Look what the VAT increase for you can mean. You will also find useful tips to correct the increased VAT to implement in your organization. For entrepreneurs, the VAT increase sales or no additional cost. For individuals, prices will rise. Keep an eye on the changes, an error using the correct VAT rate may result in additional tax,” reads the malicious email.

Once the user is on the site, the Java zero-day vulnerability is exploited and the user's computer is instantly infected.

Though the exploit started off small, its rapid growth and use were causing many to become quite concerned about the vulnerability, with many security experts admonishing Internet users to simply uninstall Java or disable it in their browsers.

The experts at F-Secure, for instance, expressed their concern this way: “Since this is the most successful exploit kit + zero-day… que horror. Please, for the love of your computer disable Java on your browser.”

Oracle has released an update to Java which aims to address this vulnerability and quell the exploits. This update is out of cycle for Oracle, and even included patches for some vulnerabilities which were unknown. According to Sophos, these vulnerabilities may have only been in use in the wild.

It's likely anyone who truly needs to leave Java installed on their browsers knows they need it, and knows exactly why they need it. Those users who aren't sure would do well to play it safe and simply disable Java. As Sophos puts it, “If you can get by without it, you should. That is true for any application that interfaces with the internet. Fewer programs means fewer vulnerabilities.”