Researchers from security firm FireEye have discovered targeted attacks exploiting a zero-day Java vulnerability to deliver the Poison Ivy RAT onto the unsuspecting victims’ machines.
The vulnerability allows computers to be infected by simply visiting a specially crafted web page, and the malware served in the current attacks contacts a C&C server in Singapore.
The attacks are limited, but it’s only a matter of time until other cyber criminals create their own pages exploiting the flaw.
In the meantime, a module that takes advantage of it has already been added to the Metasploit Framework, and it works against a fully patched Windows 7 SP1 with Java 7 Update 6, Mozilla Firefox on Ubuntu Linux 10.04, Internet Explorer / Mozilla Firefox / Chrome on Windows XP, Internet Explorer / Mozilla Firefox on Windows Vista and Windows 7, and Safari on OS X 10.7.4.
Researchers from heise Security have also created a PoC page using information that is publicly available.
Oracle is yet to comment on the news, and to say whether it will break its scheduled quarterly patch cycle to issue a patch for the flaw.
In the meantime, users are advised either to disable or remove Java for the time being – or for good.
If you’re a Windows user and you have decided to disable Java, go to your Control Panel, select “Java”, and once the “Java Runtime Environment Settings” dialog box appears, select “Java” once again and uncheck the “Enabled” check box. Needless to say, if in the future you need to use Java again, go through the same steps and check the aforementioned check box.
To completely remove Java from your system, go to the Control Panel > Programs > Programs and Features, find Java, select it and press the “Uninstall” button.
Another option is to remove the Java plugin from the browser.