Latest Java poison romps on as ok.XXX4.net

Aug 28, 2012 by Nancy Owano

(Phys.org)—Yet another Java-related computer threat, cross-platform, has been nailed by security researchers. An exploit was seen by FireEye researchers on Sunday, being hosted on a domain ok.XXX4.net. When successful, the exploit downloads and executes a malicious binary, which calls to another IP address/domain. The Java threat was reported by FireEye's security researcher Atif Mushtaq, who said on August 26 that the initial exploit "is hosted on a domain named ok.XXX4.net. Currently this domain is resolving to an IP address in China." Subsequent reports are that it was discovered on a server with a domain name that resolved to an IP address located in China, and that the malware once installed on systems attempted to connect to a command-and-control server believed to be in Singapore.

Numerous security watchers are calling this a worrying vulnerability in the latest version of Oracle's framework, which could get worse. The attackers have found a way to get at a vulnerability that affects the latest version of Java—Update 6—in order to infect computers with malware. More specifically, the vulnerability affects Java 1.7 update 6.

Most recent Java run-time environments are vulnerable, added Mushtaq. "In my lab environment, I was able to successfully exploit my test machine against latest version of FireFox with JRE version 1.7 update 6 installed," he said.

Security experts warn that the exploit code works on several browsers and computer platforms. Once the initial attack is made, a second piece of software referred to as Poison Ivy is released that lets hackers gain control of the computer.

Numerous computer security firms are telling PC users to disable Java software until a patch is released. As of this writing, there was no patch from Oracle.

Oracle typically patches Java at given points throughout the year. The next patch is scheduled for October. The updates are supposed to be collections of security fixes for Oracle products. Oracle says on its site, however, that "Oracle will issue Alerts for vulnerability fixes deemed too critical to wait for distribution in the next Critical Patch Update."

As such, Java is gaining a dubious distinction as being not only globally ever-present but also among the apps most frequently exploited, taking its place on the throne alongside Adobe Reader and Flash. According to Oracle, 97% of enterprise desktops run Java. Under different circumstances, that factoid would sound far less menacing.

More information: blog.fireeye.com/research/2012/08/zero-day-season-is-not-over-yet.html

User comments : 2

Expiorer
1 / 5 (2) Aug 28, 2012
like taking candy from a baby
kevinrtrs
1 / 5 (6) Aug 28, 2012
Seems like someone has it in for Oracle. Plenty of enemies around, what with Mr Ellison being so outspoken and definitely rubbing the competition up the wrong way.
The response will have to be really big - the company's future depends on it.
