Over the New Year period 0-day exploits have been rampaging around. In our threat control lab we have looked into hits for the recently discovered 0-day that exploits a vulnerability (CVE-2013-0422) in the latest version of Java (1.7 update 10).
Our records imply that an exploit, from the Cool exploit kit, has been on the hunt from January 8th this year, if not before. Example file names seen so far are 2233.jar, 2332.jar and some randomised ones, downloaded from different domains that serve the exploit and other malware.
The 0-day under discussion, on successful execution on a victim's machine, exploits the vulnerability in the Java environment and downloads a Windows executable file, which currently happens to be a ransomware Trojan in most of the occurrences.
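As an added example (not part of the K7 post), a small Python script that hunts for the download chain described above in proxy logs: a JAR fetch followed shortly afterwards by a Windows executable from the same host to the same client. The log format, the hostnames, the sample lines and the 60-second window are all constructed assumptions.

```python
import re
from datetime import datetime, timedelta

# Constructed proxy log lines (not from the original post): timestamp, client, host, path.
SAMPLE_LOG = """\
2013-01-09T10:15:02 10.0.0.7 ads.example.invalid /2233.jar
2013-01-09T10:15:09 10.0.0.7 ads.example.invalid /load.php?e=1
2013-01-09T10:15:11 10.0.0.7 ads.example.invalid /calc.exe
2013-01-09T10:20:00 10.0.0.9 cdn.example.invalid /lib/app.jar
2013-01-09T11:40:00 10.0.0.9 updates.example.invalid /setup.exe
"""

LINE_RE = re.compile(r"^(\S+) (\S+) (\S+) (\S+)$")
JAR_RE = re.compile(r"\.jar$", re.I)
EXE_RE = re.compile(r"\.exe$", re.I)
WINDOW = timedelta(seconds=60)  # assumed: how soon the payload follows the JAR


def parse(log_text):
    """Parse the assumed four-column format into (time, client, host, path)."""
    events = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # skip blank or malformed lines rather than abort
        ts, client, host, path = m.groups()
        events.append((datetime.fromisoformat(ts), client, host, path))
    return sorted(events)


def find_jar_then_exe(log_text, window=WINDOW):
    """Return (client, host, jar_path, exe_path) for each JAR fetch that is
    followed within `window` by an .exe from the same host to the same client.
    A JAR with a purely numeric name (2233.jar style) is a stronger signal,
    but the chain itself is what is flagged, so randomised names are caught too."""
    hits = []
    events = parse(log_text)
    for i, (t0, client, host, path) in enumerate(events):
        if not JAR_RE.search(path):
            continue
        for t1, c1, h1, p1 in events[i + 1:]:
            if t1 - t0 > window:
                break  # events are sorted, so nothing later can be in the window
            if c1 == client and h1 == host and EXE_RE.search(p1):
                hits.append((client, host, path, p1))
                break
    return hits


if __name__ == "__main__":
    for hit in find_jar_then_exe(SAMPLE_LOG):
        print("suspicious JAR->EXE chain:", hit)
```

The second client's app.jar is not flagged because its .exe came from a different host more than an hour later; tune the window to your own proxy's timing before relying on it.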
Fortunately, K7 users are proactively shielded from this 0-day attack by the Carnivore technology embedded in K7 security products. Here is a screenshot that depicts K7 security products blocking an attempt to exploit the vulnerability.
Malware Analyst, K7TCL
Let’s wake up and smell the coffee.
There have been several security write-ups about the recent 0-day Java vulnerability CVE-2012-4681. Oracle itself only issued a bulletin recently, but the vulnerability has been right royally exploited in the wild by cyber criminals in Russia and China (well, no surprises there).
It has been a turbulent week or so, with the same exploit code first being used in a targeted attack, and later being commercially incorporated in bog-standard exploit kits. Indeed, a fair amount of bad news.
Fortunately, Oracle has now provided the security update to patch the vulnerability. We recommend applying this ASAP if you are running Java. Note, however, that K7's Carnivore technology was already blocking attempts to exploit CVE-2012-4681, right from day zero. Furthermore, many of the known bad URLs were already blocked by K7's SiteBlocker, generics playing a part. Finally, the exploit JARs and the associated binaries have been tackled in a proactive fashion. This means the K7 fortress around the user has kept things safe and secure.
Senior Manager, K7TCL