Skip to main content

Watch Out for the Java 7 Malware Exploit

By January 14, 2013May 11th, 2021Blog

The new JavaJar-B Trojan horse was discovered a few short days ago. This new malware has, thus far, only been found exploiting Oracle’s update to Java, and only affects the newest version of runtime.

Sophos, a security company that excels in finding malware and viruses that exploit computer systems, has described the new exploit as a “zero-day attack,” which means that the Trojan was able to infect computers before anyone had a chance to investigate it and fix the problem. Not even Sophos is sure how to describe this vulnerability, but they included this information in its entry in the National Vulnerability Database:

“Unspecified vulnerability in Oracle Java 7 Update 10 and earlier allows remote attackers to execute arbitrary code via unknown vectors, possibly related to “permissions of certain Java classes,” as exploited in the wild in January 2013, and as demonstrated by Blackhole and Nuclear Pack.”

The Trojan has not been seen on Apple machines, though Linux and Windows have both seen their fair share of JavaJar-B. However, Apple products are expected to see this virus soon, as it is being distributed in Blackhole and Nuclear Packs, two hacker kits designed to exploit weaknesses in different operating systems.

Fortunately, if you’ve downloaded Java 7 already, you can take several steps to help secure your computer.

  1. Go to the Java Control Panel.
  2. In the Security section, uncheck “Enable Java content in the browser.” Your browser plug-in will be disabled.
  3. This single action will prevent any unwanted execution of exploits that could happen as you wander around the Internet.
  4. Then, change your security level in the same Security panel. Increase it from the default system of “Medium” to “High” or “Very High”. The high level will require approval each and every time unsigned Java code asks to run.

If you do not have Java installed, then this Trojan cannot and will not affect your computer.

 

Chris Forte

Chris Forte, President and CEO of Olmec Systems, has been in the MSP workspace for the past 25 years. Chris earned his Master’s Degree from West Virginia University, graduating Magna Cum Laude. He was a past member of the Entrepreneurs’ Organization, a current member of the New Jersey Power Partners and Executive Association of New Jersey, where he has previously served on its board of directors. In his spare time, Chris enjoys traveling with his family. He also admits to being a struggling golfer and avid watcher of college football and basketball. He currently lives in Boonton Township, NJ with his wife, two daughters, son, and black lab Luna.