Windows 7 Forums

Welcome to Windows 7 Forums. Our forum is dedicated to helping you find support and solutions for any problems regarding your Windows 7 PC be it Dell, HP, Acer, Asus or a custom build. We also provide an extensive Windows 7 tutorial section that covers a wide range of tips and tricks.

Windows 7: Java Exploits

11 Nov 2010   #1

Win 7 Ultimate 64-bit. SP1.
Java Exploits

The recent Java JRE patch bundle released by Oracle contained a long list of security fixes, several of which for vulnerabilities that allow drive-by exploits. And since Java is present on pretty much every Windows PC, and people don't seem to do their Java updates quite as diligently as their Windows patches, there are A LOT of vulnerable PCs out there. Microsoft reported on this a month ago, and called it an "unprecedented wave of Java exploiting".

It doesn't look like the situation has improved since, and the bad guys are taking advantage. Not surprisingly, the FAQ document on "Virus found in my Java Cache Directory" is ranked third most popular of all the issues listed on Java Help Center. The two issues ranked ahead of it are also security concerns.. not a pretty picture for Oracle or Java, I'd say.

Let's take a look at one of the popular exploits that are making the rounds, the "bpac" family. The exploit used is for CVE-2010-0840 (Hashmap), already covered by the Java patch bundle in July, but apparently still successful enough to be used. I guess the bad guys won't start "burning" their newest Java exploits while the old set is still going strong.

The infection usually happens as follows:
(1) User surfs to website that has been injected with the exploit
(2) Exploit pack triggers - it comes as an obfuscated JavaScript that downloads an Applet and a PDF
(3) The applet contains an exploit, here for CVE-2010-0840
(4) The applet is invoked with a parameter that tells it where to find the EXE
(5) If the exploit is successful, the EXE is downloaded and run

The EXEs pack quite a punch - one recent sample submitted contained no less than 66 individual other malicious EXEs. Yes, a user would be bound to notice this deluge of badness, but he still wouldn't stand a chance to ever clean ALL of this crud off the system again.
More -
Java Exploits

My System SpecsSystem Spec


 Java Exploits

Thread Tools

Similar help and support threads
Thread Forum
Report: Half of all exploits target Java
Source A Guy
Security News
NetTraveler Variant Adds Java Exploits, Watering Hole Attacks...
NetTraveler Variant Adds Java Exploits, Watering Hole Attacks to Bag of Tricks Source A Guy
Security News
Will Certain Updates open me up to Exploits?
I am just wondering... You can call me a noob if you want =) My way of thinking is that the least amount of software that you do not use is installed.... that more protected it will be. For instance... I do not use Silverlight whatsoever. Nor do i use Microsoft Security Essentials. Are there...
Windows Updates & Activation
Analysis: Flashback Spread Via Social Engineering, Then Java Exploits
Source A Guy
Security News
Browser exploits.
Source - TippingPoint offers hackers $100,000 for browser and phone exploits | Security Central - InfoWorld
Browsers & Mail
With Exploits on the Way, It's Critical Win 7 Testers R
More at: DailyTech - With Exploits on the Way, It's Critical Win 7 Testers Run Tool to Safeguard Their PCs

Our Sites

Site Links

About Us

Find Us

Windows 7 Forums is an independent web site and has not been authorized, sponsored, or otherwise approved by Microsoft Corporation. "Windows 7" and related materials are trademarks of Microsoft Corp.

Designer Media Ltd

All times are GMT -5. The time now is 18:36.

Twitter Facebook Google+

Windows 7 Forums

Seven Forums Android App Seven Forums IOS App