BlackHole exploit targets Java bug through browser-based attacks

A recently discovered Java exploit will have many updating, or even removing, the program.

A powerful new exploit has been identified in the wild that could turn PCs running outdated versions of Java into bots for spam or DDoS attacks, or even loot them for sensitive information.

As reported by Brian Krebs on his Krebs on Security blog, the exploit targets a vulnerability that Oracle disclosed and patched with the CVE-2012-0570 bulletin on February 14. The vulnerability essentially neutralizes Java's sandbox feature, which was designed to fend off such malicious attacks, Krebs explained.


The exploit, samples of which Microsoft warned about in a March 20 blog post, has since been packaged into the popular BlackHole exploit pack. BlackHole, a software toolkit that is sold among the cybercrime community, is typically attached to malicious websites for the purpose of infecting passersby through their web browsers. Wolfgang Kandek, CTO of Qualys, says BlackHole makes it easy for even those with limited technical knowledge or skill to launch large-scale malware attacks.


Considering Java is installed on more than 3 billion systems worldwide, Krebs sees it as no surprise that the exploit has been packaged for easy widespread distribution.

“Those visiting such sites with outdated browser plugins may have malware silently installed, and Java is almost universally the most successful method of compromise across all exploit kits,” Krebs wrote.

Krebs’ best recommendation was to remove Java altogether, a measure he has preached in the past as well. Claiming that “many people who have this powerful program installed simply do not need it, or only need it for very specific uses,” Krebs says Java really only brings more harm than good.

For those unwilling to part ways with Java, Kandek says updating to the latest version should patch the vulnerability. An additional step, and an effective approach for those who cannot apply the update, is a Windows configuration setting that limits Java to running on a select few trusted sites, Kandek wrote in his own blog post (check out his blog for details on how to configure your Windows system for that).

As a long-term solution, Kandek also pointed out that the Internet Explorer and Google Chrome web browsers have functions that whitelist websites that need to run Java, a measure that could prevent accidental access to a malicious site from turning into a full-blown infiltration.
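The zone-based whitelisting that Kandek and the article describe can be scripted for a fleet rather than clicked through per machine. The following PowerShell is an added illustration, not code from the article, from Kandek's post, or from Qualys: it disables Java in Internet Explorer's Internet zone (registry value `1C00`, where `0` means "Disable Java" and `0x20000` means "Medium safety"), places a list of sites in the Trusted Sites zone (zone `2`) so Java remains available only there, and writes the equivalent Chrome policy for the 2012-era plugin controls (`DefaultPluginsSetting` and `PluginsAllowedForUrls`; Chrome has since removed NPAPI plugin policies, so those keys are assumed to apply only to browsers of that generation). The site names are constructed placeholders.

```powershell
# Added example: restrict the Java plugin to a short whitelist of sites.
# Assumptions (not from the article): IE zone registry layout per Microsoft's
# documented security-zone keys; Chrome policy names from the 2012-era policy set.
# Run as the user for the HKCU keys; run elevated for the HKLM Chrome policy.

param(
    # Constructed placeholder hostnames; replace with sites that genuinely need Java.
    [string[]]$TrustedSites = @('intranet-app.example.corp', 'timesheets.example.corp')
)

$ZonesKey   = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones'
$ZoneMapKey = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains'

# IE "Java permissions" setting (value name 1C00) per zone:
#   0x00000000 = Disable Java, 0x00020000 = Medium safety.
$JavaDisabled = 0x00000000
$JavaMedium   = 0x00020000

function Set-IEJavaPermission {
    param([int]$Zone, [int]$Permission)
    $key = Join-Path $ZonesKey $Zone
    if (-not (Test-Path $key)) { New-Item -Path $key -Force | Out-Null }
    Set-ItemProperty -Path $key -Name '1C00' -Type DWord -Value $Permission
}

function Add-IETrustedSite {
    param([string]$Host)
    # A DWORD named after the scheme ('https' or '*') holding the zone number (2 = Trusted Sites).
    $key = Join-Path $ZoneMapKey $Host
    if (-not (Test-Path $key)) { New-Item -Path $key -Force | Out-Null }
    Set-ItemProperty -Path $key -Name 'https' -Type DWord -Value 2
}

# 1. Internet zone (3): Java off. Restricted zone (4): Java off as well.
Set-IEJavaPermission -Zone 3 -Permission $JavaDisabled
Set-IEJavaPermission -Zone 4 -Permission $JavaDisabled

# 2. Trusted Sites zone (2): Java allowed, but only for the hosts listed below.
Set-IEJavaPermission -Zone 2 -Permission $JavaMedium
foreach ($site in $TrustedSites) { Add-IETrustedSite -Host $site }

# 3. Chrome equivalent (HKLM policy, needs elevation): block plugins by default,
#    allow them only on the whitelisted origins. Skipped silently if not elevated.
$ChromePolicy = 'HKLM:\Software\Policies\Google\Chrome'
$isAdmin = ([Security.Principal.WindowsPrincipal][Security.Principal.WindowsIdentity]::GetCurrent()
           ).IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)
if ($isAdmin) {
    if (-not (Test-Path $ChromePolicy)) { New-Item -Path $ChromePolicy -Force | Out-Null }
    Set-ItemProperty -Path $ChromePolicy -Name 'DefaultPluginsSetting' -Type DWord -Value 2   # 2 = block
    $allowKey = Join-Path $ChromePolicy 'PluginsAllowedForUrls'
    if (-not (Test-Path $allowKey)) { New-Item -Path $allowKey -Force | Out-Null }
    $i = 1
    foreach ($site in $TrustedSites) {
        Set-ItemProperty -Path $allowKey -Name "$i" -Type String -Value "https://$site"
        $i++
    }
} else {
    Write-Warning 'Not elevated: Chrome policy (HKLM) not written; IE per-user zone settings applied.'
}

# Verification: show the effective Java permission for each IE zone.
foreach ($z in 1..4) {
    $v = (Get-ItemProperty -Path (Join-Path $ZonesKey $z) -ErrorAction SilentlyContinue).'1C00'
    '{0}: zone {1} Java permission = 0x{2:X8}' -f $env:COMPUTERNAME, $z, [int]$v
}
```

The design point is the same one the article makes: the browser, not the Java runtime, decides where the plugin may load, so a drive-by on an arbitrary site never reaches the plugin even while the patch is pending. Keep the whitelist short and review it when Java is finally removed, since every entry is a site whose compromise would reopen the exposure. Group Policy Preferences or a configuration-management tool can push the same keys fleet-wide.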

Join the Network World communities on Facebook and LinkedIn to comment on topics that are top of mind.