Hello, another Java 0-day exploit has been revealed!
January 17, 2013
It was 5 days and a few hours ago that I published a blog article about a recent Java vulnerability being exploited in the wild. In it I advised my readers to disable Java plug-ins from running in their browsers, or to uninstall Java altogether.
Then, three days later, on Jan 14, 2013, Oracle, the keeper and maintainer of the Java code, released an out-of-band patch to plug the vulnerability that was the cause of the exploits. This was done with the release of Java 7 update 11.
However, on Wednesday, Jan 16, 2013, Trend Micro researchers posted findings that revealed that the Oracle patch was incomplete and left a related attack vector open. A few hours later, a high ranking admin on a malware distribution forum offered to sell a working exploit of this new zero day exploit for a starting bid of $5,000 USD (see Brian Krebs' article), to two more individuals (he had already sold one copy). Within a short time his offer was taken down, leading Brian Krebs to postulate that the bidding had ended and all three copies of the hardened and ready to go exploit had been sold.
I know that there are some business programs and commercial web pages that operate with Java Applets, requiring users to have Java enabled in their browsers, and/or operating systems. These people cannot just uninstall Java hodge-podge. They want a workable method of keeping Java, but reducing their exposure to malware sneak attacks. Let's see if I can help a little.
First of all, Java can be uninstalled easily from most Windows computers, via the (Add/Remove) Programs (and Features) applet in the Windows Control Panel. All properly installed versions of Java will be listed in the list of installed programs which can be uninstalled, via a button press.
But, if you must keep Java on your computer, to use a mandatory program or website, here are some practical methods you can use to limit your risk of malware infection via Java. They are listed in what I consider to be the most easily deployed order.
- Go to Control Panel (Windows), find the Java icon, open it, update to the current version, then reboot.
- The newest version has a security level slider and a checkbox to disable Java plug-ins from your browsers. Set the security slider to the high or highest setting. Close and re-open your browser to get this to take effect.
- If you only need Java for a desktop or network application, not a website, uncheck the checkbox labeled: "Enable Java content in the browser" then apply the change.
- Browse with the most current version of Firefox. Firefox now disables Java applets by default and asks you if you wish to allow them to run when Java Applets are encountered on a web page.
- Many zero-day exploits, as well as nth day exploits assume that the user is logged in with administrator privileges, or with UAC prompts disabled. This enables silent, drive-by exploits to install malware into the operating system with no user interaction. Watch the video on the Malwarebytes' blog to see such an exploit in action.
- In view of how malware exploits use administrator level privileges to do their dirty work, consider lowering your privileges for the computer account you normally use to browse the Internet and run productivity applications. Read these articles for more details: (1) (2) (3)
- I can't tell you what malware protection to use, but I sure as my name's Wiz can recommend some that I use. I use a 4-fold approach to secure my PCs: (1): I operate with reduced user privileges; (2): I run Malwarebytes' Anti-Malware; (3): I run the current version of Trend Micro Internet Security; (4): I browse with the current version of Firefox, with the NoScript Add-On installed and enabled.
- Despite all of the above protections there is one more exploit vector: The weak link that exists between the chair and the keyboard. Use common sense while browsing the 'net. Unexpected alert boxes, pop-up scans and web page redirects are not business as usual. If something seems wrong, assume that it is and back out and close your browser, then scan for malware in the browser cache or temporary Internet files. Don't blindly allow programs to run or install just because a pop-up tells you to, especially if it is an "unsigned" or "Self-signed" program.
I hope this helps keep you safe from Java exploits. Doing the things I suggest will not just block the current zero-day exploits, but those to come.
Trend Micro Internet Security products, for home and office users, use in-the-cloud malware definitions that are updated every day, all day, as soon as new or altered strains of viruses and other malware are detected in the wild and analyzed. By offloading the bulk of these ever changing virus definitions to cloud servers, the load on your computers is greatly reduced. All users of Trend security programs are instantly protected from hostile web pages laden with malware exploits and hostile email, by the Trend Micro Smart Protection Network.
The content on this blog may be reprinted provided you do not modify the content and that you give credit to Wizcrafts and provide a link back to the blog home page, or individual blog articles you wish to reprint. Commercial use, or derivative work requires written permission from the author.
Movable Type 4.38