A new Trojan horse called Mal/JavaJar-B has been found that exploits a vulnerability in Oracle’s Java 7 and affects even the latest version of the runtime (7u10). So far, the malware has been seen attacking Windows, Linux and Unix systems.
The Department of Homeland Security said attackers could trick targets into visiting malicious websites that would infect their PCs with software capable of exploiting the bug in Java. An attacker could also infect a legitimate website by uploading malicious software that would infect machines of computer users who trust that site because they have previously visited it without experiencing any problems.
Developers of several popular hacker tools known as exploit kits, which are used to attack PCs, have added software that allows hackers to exploit the newly discovered Java bug.
Users can protect themselves immediately in the following ways:
- STOPzilla users will receive a patch today, as part of their normal update service, that prevents the infection.
- Disable Java content in the browser.
- Download the latest version of Java: http://java.com/en/download/java_update.jsp
To disable Java in your browser, go to the Java Control Panel that is installed along with the runtime and, in the Security section, uncheck the option “Enable Java content in the browser”; this disables the browser plug-in.