Malware masquerades as patch for Java

The malware, ironically, does not actually exploit the Java vulnerabilities, according to Trend Micro

By , IDG News Service |  Security, java

Users can also opt to keep Java on their computer but disable it within the Web browser, which is how the latest vulnerabilities exposed users to attack.

The two vulnerabilities patched by Oracle on Sunday both could be exploited by a malicious "applet," a Java application that's downloaded from another server and runs if a user has Java installed. Applets are often embedded in Web pages and run in the browser.

Security reporter Brian Krebs wrote on Wednesday that a zero-day Java exploit for an apparently brand-new vulnerability was being advertised for $5,000 in an underground hacking forum. The advertisement was posted for a short time, then disappeared, Krebs wrote.

Oracle officials did not respond to an email request for comment.

Send news tips and comments to jeremy_kirk@idg.com. Follow me on Twitter: @jeremy_kirk

  Sign me up for ITworld's FREE daily newsletter!
Email: 
 

Join us:
Facebook

Twitter

Pinterest

Tumblr

LinkedIn

Google+

Answers - Powered by ITworld

Join us:
Facebook

Twitter

Pinterest

Tumblr

LinkedIn

Google+

Ask a Question