Want to read Slashdot from your mobile device? Point it at m.slashdot.org and keep reading!

 


Forgot your password?
Close
typodupeerror
×
Security Java Windows

Browser Exploit Kits Using Built-In Java Feature 96

Posted by kdawson from the corruptable-cuppa dept.
tsu doh nimh writes "Security experts from several different organizations are tracking an increase in Windows malware compromises via Java, although not from a vulnerability in Windows itself: the threat comes from a feature of Java that prompts the user to download and run a Java applet. Kaspersky said it saw a huge uptick in PCs compromised by Java exploits in December, but that the biggest change was the use of this Java feature for social engineering. Brian Krebs writes about this trend, and looks at two new exploit packs that are powered mainly by Java flaws, including one pack that advertises this feature as an exploit that works on all Java versions."
This discussion has been archived. No new comments can be posted.

Browser Exploit Kits Using Built-In Java Feature More

Browser Exploit Kits Using Built-In Java Feature

Comments Filter:

  • Um, What? (Score:5, Insightful)

    by Rary ( 566291 ) on Monday January 10, 2011 @12:44PM (#34824444)

    People who click "OK" on random dialogs that ask them to confirm installation of something they didn't ask for are targets for malware, and this is news... because it's using Java? Am I missing something?

  • Re:Browse without Javascript, (Score:5, Insightful)

    by Monkeedude1212 ( 1560403 ) on Monday January 10, 2011 @12:47PM (#34824476) Journal

    Ignoring the fact that this has nothing to do with Javascript - or IE. Some of the things they listed are simple social engineering attacks. You visit the site, asks you to run the Java Applet, the Java applet is malicious code. And if you can compromise someone's website to redirect you to your own look-alike with a malicious Java Applet asking to run, that looks like another prime strategy.

    The Java exploit is basically what takes what should be a seperate application and somehow gets more access than it should have, and probably installs something on the users computer like a trojan or worm.

    Browsing in Chrome won't save you from this. This is (sort of) a problem with the way Java Applets are handled - or a problem with the way users interact with the web (take your pick). They're both contributors to the problem really.

  • Re:Nothing new here (Score:5, Insightful)

    by Anonymous Coward on Monday January 10, 2011 @01:07PM (#34824732)

    There is a big "Security Warning" dialog box. What should Java do more?

    It is like you are complaining that EXE's has a big concern. They are doing the same thing. If you click on an exe file, the browser will ask you if it should be opened. Then you will see one more security warning box again and the exe will start running.

    Let's start a petition: all exe files should be removed from the internet right now, because they are a big security hole.

  • Re:Um, What? (Score:4, Insightful)

    by Monkeedude1212 ( 1560403 ) on Monday January 10, 2011 @01:20PM (#34824882) Journal

    Administering a network of a thousand computers with no users is way easier than a network of 100 computers with 100 users.

  • Re:Nothing new here (Score:3, Insightful)

    by mmmmbeer ( 107215 ) on Monday January 10, 2011 @05:08PM (#34828174)

    Won't help. Every time we try to make something more idiot-proof, the universe invents a better idiot.

Slashdot Top Deals

And it should be the law: If you use the word `paradigm' without knowing what the dictionary says it means, you go to jail. No exceptions. -- David Jones

Close