Windows 7 Forums
Welcome to Windows 7 Forums. Our forum is dedicated to helping you find support and solutions for any problems regarding your Windows 7 PC be it Dell, HP, Acer, Asus or a custom build. We also provide an extensive Windows 7 tutorial section that covers a wide range of tips and tricks.


Windows 7: Java: A Gift to Exploit Pack Makers.


11 Oct 2010   #1
JMH

Win 7 Ultimate 64-bit. SP1.
 
 
Java: A Gift to Exploit Pack Makers.

Quote:

I have long urged readers who have no need for Java to remove the program, because failing to keep this software updated with the latest security patches exposes users to dangerous, ubiquitous attacks. In this blog post, I’ll show readers how attacks against Java vulnerabilities have fast emerged as the top moneymaker for authors of the best-selling “exploit kits,” commercial crimeware designed to be stitched into hacked or malicious sites and exploit a variety of Web-browser vulnerabilities.

Take one look at the newest kit on the block — “Blackhole” — and it is obvious that Java vulnerabilities continue to give attackers the most mileage and profit, and have surpassed Adobe flaws as the most successful exploit vehicles.




I spoke briefly via instant message with the developer of this Blackhole kit (pictured at right), and he assured me that these images were taken from a working installation. The screen shot here shows the administration panel for this exploit pack, which lists the number of hits (хиты) and downloads (загрузки). The statistics show that on average this kit finds a working exploit that it can use to install malicious software on a visiting host about 10 percent of the time.

Granted, as exploit pack administration pages go, this one is very young (13,289 hits at the time this screen shot was taken), but already some patterns emerge from the data. For example, we can see that Java vulnerabilities are by far the most useful, comprising more than 90 percent of all successful exploits.

This pattern is not confined to Blackhole. Have a look at the following three screen shots, taken from the exploit results pages of three different working installations of SEO Sploit Pack, another common exploit kit. All three screen shots clearly show Java vulnerabilities are the most productive, accounting for between 50 and 65 percent of malware installs or “loads” (thanks to Malwaredomainlist.com for help on this).
More -
Java: A Gift to Exploit Pack Makers — Krebs on Security

My System SpecsSystem Spec
.

12 Oct 2010   #2

Windows 7 Professional 64 Bit SP1
 
 

I haven't found many uses for Java and recently I have only been using it for one website :/

My machine came with the 32 bit and 64 bit version of Java (update 17) and they both refused to update properly. After updating I had like four versions of Java on my computer

But all that java stuff is removed now
My System SpecsSystem Spec
12 Oct 2010   #3
JMH

Win 7 Ultimate 64-bit. SP1.
 
 

Quote   Quote: Originally Posted by Rei Tumult View Post
I haven't found many uses for Java and recently I have only been using it for one website :/

My machine came with the 32 bit and 64 bit version of Java (update 17) and they both refused to update properly. After updating I had like four versions of Java on my computer

But all that java stuff is removed now
I believe that is a common problem....
My System SpecsSystem Spec
.


12 Oct 2010   #4

W7-Enterprise + WS-2008 (Converted to Workstation)
 
 

thanks JMH !
My System SpecsSystem Spec
Reply

 Java: A Gift to Exploit Pack Makers.




Thread Tools



Similar help and support threads for2: Java: A Gift to Exploit Pack Makers.
Thread Forum
JAVA Exploit Remedy? System Security
Yet another Java exploit thread. System Security
Exploit:Java/CVE-2010-0840.IO help. System Security
Only 9 of 22 virus scanners block Java exploit System Security
Cyber Spies Exploit Java and Flash Flaws Security News
Exploit Packs Run on Java Juice Security News
Exploit:Java/CVE-2008-5353.B;Trojan:Java/Selace.A and B System Security

Our Sites

Site Links

About Us

Find Us

Windows 7 Forums is an independent web site and has not been authorized, sponsored, or otherwise approved by Microsoft Corporation. "Windows 7" and related materials are trademarks of Microsoft Corp.

© Designer Media Ltd

All times are GMT -5. The time now is 07:11 PM.
Twitter Facebook Google+



Windows 7 Forums

Seven Forums Android App Seven Forums IOS App
  

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33