Exploit kit offers to install Java if you don't already have it
September 15, 2012
Many of my blog articles involve warnings about vulnerabilities in Java plug-ins for browsers. Criminals love Java because it has so many exploitable code issues that as soon as one is fixed, another is discovered. Successful exploits cause malicious code to jump out of the Java "sandbox" and into your operating system. Security bloggers like me are always advising our readers to uninstall Java for their safety and many are heeding this advice.
If you read security blogs, like this one, you will often see the term "exploit kit." Usually, we discuss the most common exploit kit in use these days: "The BlackHole Exploit Kit." It is expensive, but gets incredible results because it targets the most recent vulnerabilities found in Java technology. Victims are lured to exploit kits by links in spam emails, or on compromised websites. However, if a potential victim arrives and does not have Java installed, a Java-only exploit kit fails to infect that person's computer.
As a backup plan, some exploit kits also test for the presence of Adobe Flash, Reader, or Acrobat. If any of these are installed and are not the latest, patched version, the computer may be taken over through those plug-ins. But if the victim's computer is fully patched and is not running Java at all, some exploit writers (Crime Boss Exploit Kit) have found a way to get one more crack at you before letting you move along. How? They tell you that Java is required to view the important details on the (exploit) page and provide a download link! Clicking on the download link results in an unsigned-certificate alert popping up, warning that you may be downloading harmful software (on Windows PCs).
Smart computer users will not fall for this type of ruse. Warn your parents and elderly friends and relatives about these social engineering tricks! The cyber criminals operating exploit kits are mostly looking for low-hanging fruit. Unsavvy computer users are an easier target. Savvy users don't usually use Internet Explorer as their default browser, due to its terrible history of exploitability (especially via ActiveX attacks). All browsers are exploitable to some degree, but unlike IE, Firefox and Chrome are updated so frequently that vulnerabilities have a very short window of opportunity to exploit them.
I'll repeat my previous advice. If you find that your computers have Java installed and you are not on a business network that requires workstations to use Java, uninstall all versions you find listed in your Control Panel (Windows) or Finder (Mac). If you run Linux, check your installed software and remove Java if it is installed. If you must use Java, set it to automatically check for updates on a daily basis, then manually check for updates. Oracle maintains Java and is slow to update it, while criminals are quick to exploit it.
Every single exploit kit I have seen or read about uses "JavaScript" to probe your computer for vulnerable software. If you disable JavaScript for unknown or untrusted websites and get lured to an exploit kit, nothing at all will happen. You will see whatever H1 heading they have written into the code (e.g. "Please wait ... Loading"), but none of the functions and "eval" statements can run. I use the NoScript add-on for Firefox and the ScriptNo extension for Chrome. Both are free and disable Java, JavaScript and Flash by default, unless you explicitly allow them to run for that website.
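To make the point above concrete, here is an added triage script (my own example, not code from the blog or from any exploit kit) that shows what a script-blocked browser would actually render from a landing page versus what its inline scripts attempt. It parses two constructed sample pages: one with the "Please wait ... Loading" heading and a script that probes `navigator.plugins` and runs `eval(unescape(...))` (the encoded string decodes to a harmless `alert(1)`), and one benign page. The indicator labels and regular expressions are my own choices for illustration, not a published signature set.

```python
import re
from html.parser import HTMLParser

# Indicator patterns an analyst might flag in a page's inline scripts.
# These labels and expressions are assumptions for this example, not a
# standard signature set: plug-in enumeration and obfuscated execution
# are the two behaviours the blog post describes.
INDICATORS = {
    "plugin probing": re.compile(
        r"navigator\.(plugins|mimeTypes)|deployJava|PluginDetect", re.I),
    "obfuscated execution": re.compile(
        r"\beval\s*\(|unescape\s*\(|String\.fromCharCode", re.I),
    "dynamic markup": re.compile(
        r"document\.write\s*\(|createElement\s*\(\s*['\"](iframe|applet|object|embed)", re.I),
}


class _PageParser(HTMLParser):
    """Collects visible heading text and the bodies of inline <script> blocks."""

    def __init__(self):
        super().__init__()
        self.headings = []      # what a reader sees even with scripts blocked
        self.scripts = []       # full text of each inline script
        self._in_heading = False
        self._script_buf = None  # None when not inside a <script>

    def handle_starttag(self, tag, attrs):
        if tag in ("h1", "h2", "h3"):
            self._in_heading = True
        elif tag == "script":
            self._script_buf = []

    def handle_endtag(self, tag):
        if tag in ("h1", "h2", "h3"):
            self._in_heading = False
        elif tag == "script" and self._script_buf is not None:
            # HTMLParser may deliver script text in chunks; join them.
            self.scripts.append("".join(self._script_buf))
            self._script_buf = None

    def handle_data(self, data):
        if self._script_buf is not None:
            self._script_buf.append(data)
        elif self._in_heading:
            text = data.strip()
            if text:
                self.headings.append(text)


def analyze_page(html: str) -> dict:
    """Return what is visible without scripts and which indicators the scripts hit."""
    parser = _PageParser()
    parser.feed(html)
    parser.close()
    findings = set()
    for body in parser.scripts:
        for label, pattern in INDICATORS.items():
            if pattern.search(body):
                findings.add(label)
    return {
        "visible_with_scripts_blocked": parser.headings,
        "script_count": len(parser.scripts),
        "findings": sorted(findings),
        "suspicious": bool(findings),
    }


# Constructed sample: the heading is all a NoScript/ScriptNo user would see.
SUSPICIOUS_SAMPLE = """<html><body>
<h1>Please wait ... Loading</h1>
<script>
var p = navigator.plugins;                    // enumerate installed plug-ins
eval(unescape("%61%6c%65%72%74%28%31%29"));   // decodes to alert(1); harmless here
</script>
</body></html>"""

# Constructed sample: an ordinary page whose script does nothing suspicious.
BENIGN_SAMPLE = """<html><body>
<h1>Weekly newsletter</h1>
<script>document.getElementById("date").textContent = new Date().toDateString();</script>
</body></html>"""


if __name__ == "__main__":
    for name, page in (("suspicious", SUSPICIOUS_SAMPLE), ("benign", BENIGN_SAMPLE)):
        print(name, analyze_page(page))
```

The `visible_with_scripts_blocked` field is the whole of what the page can do to a reader who has scripts disabled by default; the `findings` field is what the blocked scripts would have tried. Run over saved copies of real landing pages, this is a quick first-pass triage, not a replacement for a sandbox or a proper detonation.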
In addition to uninstalling Java, disabling JavaScript by default and keeping Adobe software updated and your operating system and browsers patched, there is one more step I recommend that you take. If you currently operate as a computer administrator, reduce your privileges to those of a limited user. I have instructions for doing this on my user account privileges page. Any software you attempt to install will present you with hoops to jump through and will require an Admin password before the installation can occur. You might be tricked by a really clever attacker, but they cannot use a silent "drive-by" exploit without your knowledge and interaction.
Finally, make sure you have an active, current version of a major anti-virus and anti-malware program installed and kept updated on a daily basis, or even more often. My anti-malware programs are automatically updated on an hourly basis and I have them scan twice a day (morning and night).
The content on this blog may be reprinted provided you do not modify the content and that you give credit to Wizcrafts and provide a link back to the blog home page, or individual blog articles you wish to reprint. Commercial use, or derivative work requires written permission from the author.