
Important: check your Java version and update (video demo of an attack)


A few days ago, a 0-day vulnerability was detected in Java that was being exploited to carry out targeted attacks. Within hours, the exploit for it became public, and it is now used by cybercriminals all over the world to infect users.

The solution: update to the latest available version, which today is Java 7 Update 7, or uninstall Java altogether if it's not something you use frequently. To verify which version you have installed, click here.

Why are there so many problems with Java?

In 2010 I commented that the Java platform was the number one target of attackers and today it remains the same. Why? This question is answered very well by Marcelo Rivero in this comment from ForoSpyware that I quote below:

– It is a widely used system with practically more than 85% of users.

– It has many vulnerabilities and, as they have never been thoroughly searched for, new ones are found every month that go unpatched.

– These vulnerabilities are sold cheaper on the black market than a 0-day for Windows would be.

– Patches and updates tend to take a long time to come out, and when they do come out it is difficult for the user to know.

– It allows infecting computers with what is known as a Drive-by-Download, which means that just by visiting a website, without needing to run anything, the computer may be infected.

– And something very important is that the vast majority of users do not know what Java is for, or whether they even have it installed on their computer, much less whether it is updated.

Video demo of the latest detected 0-day (affects Java 7 Update 6 and earlier versions):

In the following demo I show the exploit being loaded by following the Metasploit instructions, and what happens when the victim visits a page that contains a malicious Java applet. In short, the victim gets infected without knowing it, simply by having a vulnerable Java version.

Cybercriminals do something similar to what the video shows, but automatically, through Black Hat SEO attacks and fake pages that use Java. It is worth mentioning that not only Windows users can be infected through Java, but also Linux and Mac users.

Is antivirus helpful? Antivirus products always help, but they are not the definitive solution. Although they are able to block attacks carried out using Java, they are not effective in 100% of cases.

In other words, they are like a car's seat belt: by using it you will be much safer, but it will not save you from every accident you may have.

Java applications are often used to camouflage trojans so that they go unnoticed by antivirus, as can be seen in the following diagram published on inreverse.net:

Here there is an executable called dropper.exe, which looks harmless to antivirus and downloads a harmless Java application. It runs two .exe files that do nothing wrong; they just download the same .jar application again. But this time, on the second round, one of the .exe files downloads the Zeus Trojan.

Do you have Java?

On the Java website you can check whether you have it installed, and which version. Remember that you should always have the latest available version.
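The same check can be done locally. The following Python code is an added example, not part of the original post: it parses the banner printed by `java -version` and compares it with the Java 7 Update 7 baseline named above. The function names and the sample banners used to exercise it are assumptions made for illustration.

```python
import re
import subprocess

# Baseline from the post: Java 7 Update 7, reported by the JVM as 1.7.0_07.
PATCHED = (1, 7, 0, 7)

# Matches the banner line, e.g. java version "1.7.0_06" (legacy scheme)
# or openjdk version "17.0.2" (modern scheme, no _NN update suffix).
_BANNER_RE = re.compile(r'version "(\d+)(?:\.(\d+))?(?:\.(\d+))?(?:_(\d+))?')


def parse_java_version(banner):
    """Return (major, minor, micro, update) from `java -version` output, or None."""
    m = _BANNER_RE.search(banner)
    if not m:
        return None
    # Missing components (no update suffix, short modern versions) count as 0.
    return tuple(int(g) if g else 0 for g in m.groups())


def needs_update(banner, patched=PATCHED):
    """True when the reported version is older than the patched baseline."""
    version = parse_java_version(banner)
    if version is None:
        raise ValueError("no Java version banner found")
    return version < patched


def installed_java_banner(java="java"):
    """Run `java -version`; return None if the binary is missing or hangs."""
    try:
        proc = subprocess.run([java, "-version"], capture_output=True,
                              text=True, timeout=10)
    except (OSError, subprocess.TimeoutExpired):
        return None
    # The JVM writes its version banner to stderr, not stdout.
    return (proc.stderr or proc.stdout) or None


if __name__ == "__main__":
    banner = installed_java_banner()
    if banner is None:
        print("No java binary found on PATH")
    else:
        print(parse_java_version(banner), "needs update:", needs_update(banner))
```

This only inspects the `java` binary found on PATH; a browser plug-in that comes from a separate installation has to be checked on its own.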

Finally, it is worth mentioning that some companies, such as Zscaler, have created pages that test whether your computer can be attacked through exploits that take advantage of the latest vulnerability. You simply visit the page and see the result.