Java Zero-Day Sees ‘Mass Exploit Distribution’

Tom Brewster is TechWeek Europe's Security Correspondent. He has also been named BT Information Security Journalist of the Year in 2012 and 2013.

The flaw reported yesterday has already escalated and hit mass distribution

Oracle isn’t being drawn into saying anything on a Java zero-day flaw that emerged yesterday, despite widespread adoption by exploit kits and evidence it is being used to serve up nasty malware.

Trend Micro said it believed the flaw had been integrated into hackers’ toolkits like Blackhole and  the Cool Exploit Kit, serving up the Reveton ransomware from compromised websites.

“Reveton is one of the most common ransomware threats in existence today; these lock user systems and show spoofed notifications from local police agencies,” Trend noted in a blog post.

“These inform users that to unlock their system, they must pay a fine ranging from $200 to $300.”

Zero-day exploits

Kaspersky said the the zero-day had seen “mass exploit distribution”. We have seen ads from legitimate sites, especially in the UK, Brazil, and Russia, redirecting to domains hosting the current Blackhole implementation delivering the Java zero-day,” wrote Kurt Baumgartner, Kaspersky Lab expert.

“These sites include weather sites, news sites, and of course, adult sites.”

Security researchers have advised users to disable Java or, if they need it to run, disable Java content via the Java Control Panel, which stops it running in webpages.

Meanwhile, the exploit module targeting the vulnerability has been uploaded to Metasploit, meaning pentesters and cyber crooks alike will be able to see what they can do with the flaw.

Oracle did not respond to a request for comment.

What do you know about online security? Try our quiz and find out!