Read here -
http://www.net-security.org/secworld.php?id=13484
"Researchers from security firm FireEye have discovered targeted attacks exploiting a zero-day Java vulnerability to deliver the Poison Ivy RAT onto the unsuspecting victims' machines.
The attacks are limited, but it's only a matter of time until other cyber criminals create their own pages exploiting the flaw.
In the meantime, a module that takes advantage of it has already been added to the Metasploit Framework, and it works against a fully patched Windows 7 SP1 with Java 7 Update 6, Mozilla Firefox on Ubuntu Linux 10.04, Internet Explorer / Mozilla Firefox / Chrome on Windows XP, Internet Explorer / Mozilla Firefox on Windows Vista and Windows 7, and Safari on OS X 10.7.4."
Best thing to do? disable Java until they bother patching it/trying to find the exploit. Supposedly a patch coming out in late October but yet to hear news from Oracle on the exploit..
Iv'e disabled. I am not taking any chances with this shit. Looks like no minecraft for a while ;/
P.s Thanks Hexta for informing me
(Think TC should bring back the rep for forums)
+1
Doesn't this belong in the tech area..?
New hacks and exploits come out every day. The chances are you won't run into this unless you're browsing dodgy sites. Disabling Java all together is silly - Just disable it in the browser.
This news article is a highly poor source of information. Whilst failing completely to tell you the effects that this piece of malware can have, it uses scare tactics giving names of virus' and calling it 'Critical' and using image's like this;
![[Image: danger.jpg]](http://www.net-security.org/images/articles/danger.jpg)
Yes world. We know how to use clip art.
Look c'mon I acknowledge this could be a legitemate threat but the way this article was so terribly laid out I almost don't want to beleive it :/
"Better safe, than sorry" Im pretty sure most Malware is the same see here
http://en.wikipedia.org/wiki/Malware
(2012-08-29 02:36)Tommer Wrote: [ -> ]This news article is a highly poor source of information. Whilst failing completely to tell you the effects that this piece of malware can have, it uses scare tactics giving names of virus' and calling it 'Critical' and using image's like this;
http://energy.gov/cio/articles/u-245-cri...-exploited
*facepalm*
This article used as a sole reference by the Chief Information Officer for the US Energy Department. Just so it's clear, I agree with your statement.
BTW - I moved this to Tech News and that's the most appropriate section for this.
There're are tonnes and tonnes of exploits all over the place for various things being discovered every day. After this news I'm sure Oracle will get every software engineer at their disposal onto this issue and release a patch before anyone gets the chance to exploit the bug.
(2012-08-29 08:55)Lampshade Wrote: [ -> ]There're are tonnes and tonnes of exploits all over the place for various things being discovered every day. After this news I'm sure Oracle will get every software engineer at their disposal onto this issue and release a patch before anyone gets the chance to exploit the bug.
Your post just made me scream "IF ONLY MORE THINGS WERE OPEN SOURCE!!!! blfjbsighsfjsad" You need to fully annunciate the last bit to get my mood right. Ah... I can dream...
Just wait until it spreads around and kids on hack forums find it then you're all screwed
You can only get infected with it if you click on a website or something, so your stupid if you get infected with it.
(2012-08-29 16:10)SLiiDE Wrote: [ -> ]You can only get infected with it if you click on a website or something, so your stupid if you get infected with it.
Well yes, accessing a website could infect your system, but how does that make someone "stupid" ? Don't you browse the web yourself too?
Nothing really new here.
90something% of all malware comes through Java, Acrobat or Flash flaws.
Now, Oracle are doing quarterly updates to Java, so it's even less secure than before.
Adobe is winding down support for flash on many platforms.
Acrobat is a document format that, for some retarded reason, supports scripting.
This should be standard fare these days:
Disable Java except where and when you *know* it's needed.
Install the no-script (or equivalent) plugin in your browser and only allow scripts when they're needed and only from trusted sites.
Use an Acrobat reader that's better & safer than Adobe's such as Foxit Reader.
Most drive-by-malware infections come from ads, so only going on safe sites doesn't really protect you. This is where things like no-script really help - it'll also make your web browsing faster as it will prevent most of the useless cruft from hogging your RAM + CPU.