Java Still Presents Soft Target for Malware Threats

Saturday, November 13, 2010



SANS researcher Daniel Wesemann recommends Java users become more vigilant in the application of security updates to avoid threats from drive-by exploits.

This recommendation comes on the heels of Microsoft's recent report that highlighted an "unprecedented wave of Java exploiting."

"It doesn't look like the situation has improved since, and the bad guys are taking advantage. Not surprisingly, the FAQ document on 'Virus found in my Java Cache Directory' is ranked third most popular of all the issues listed on".

The infection most often occurs when users encounter a website that has been "injected with the exploit," which initiates a self-executing applet download via Java.

Wesemann's blog walks through an illustration of the infection process, and he recommends, "If you haven't done so yet, hunt down and patch every incarnation of Java on the PCs that you are responsible for."

The exploit is still being proliferated despite the fact that a patch to prevent the infection has been available since July, which is evidence that users have not been as proactive about patching Java as they are about applying Windows updates.

Automatic update settings are the best way to stay current, and will ensure critical patches are installed in a timely manner.


The views expressed in this post are the opinions of the Infosec Island member that posted this content. Infosec Island is not responsible for the content or messaging of this post.

Unauthorized reproduction of this article (in part or in whole) is prohibited without the express written permission of Infosec Island and the Infosec Island member that posted this content--this includes using our RSS feed for any purpose other than personal use.