Critical Java Exploit Spreads like Wildfire; No Fix Available

While half of the globe was busy yesterday having the “lols” about the Japanese kitten rigged with a malware-infested flash device attached to its collar, serious stuff was going down in Javaland.

UPDATE: On January 13, Oracle issued a partial fix for the issue. The patch is now available on the Oracle web portal and updates the Java version to 1.7 Update 11. You are advised to update immediately, but exercise caution when visiting web pages outside of your trusted websites list.

Remember that Oracle shipped the new version of Java with built-in disabling features sometime before Christmas? Now would be a great time to put these to good use, as a new zero-day exploit targeting Java 1.7 rev 10 has just made its way into a brand-new exploit kit tailored for exclusive clientele.

We’re digging into the issue, but, until we come up with a fix for that, it would be a great idea to flush Java off your computer or, at least, to turn off the Java plugin for the browser you’re using to navigate the Internet.

In 2012, Java was hit by two super-critical bugs that were rapidly included in the Blackhole exploit pack, one of the most popular attack toolkits to date. Following the first series of attacks in August against machines running Java 1.7, Java maker Oracle issued a fix that only made things worse. The patch made way for a similar exploit that now affects Java 5, 6, and 7 alike.

Given the current situation, you are strongly advised to put Java down and keep it that way until things get sorted out. Also make sure that you DO NOT follow any spammy links in the following days, regardless of how appealing they might look.
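
As an added example (not code from this article or from Oracle), here is one way to triage a list of `java -version` banners against the Update 11 partial fix named in the update note above. The hostnames, sample banners and label names are constructed for illustration.

```python
import re

# The update note above names Java 1.7 Update 11 as Oracle's partial fix.
FIXED_MAJOR, FIXED_UPDATE = 7, 11

# First line of `java -version` (written to stderr), e.g.: java version "1.7.0_10"
_VERSION_RE = re.compile(r'version "1\.(\d+)\.\d+(?:_(\d+))?[^"]*"')


def parse_java_version(banner):
    """Return (major, update) parsed from a `java -version` banner, else None."""
    match = _VERSION_RE.search(banner)
    if match is None:
        return None
    return int(match.group(1)), int(match.group(2) or 0)


def classify(banner):
    """Label one banner relative to the Update 11 partial fix."""
    parsed = parse_java_version(banner)
    if parsed is None:
        return "unknown"          # no banner, or Java not installed
    major, update = parsed
    if major != FIXED_MAJOR:
        return "other-branch"     # not Java 7: outside what this check covers
    if update < FIXED_UPDATE:
        return "needs-update"     # Java 7 build older than Update 11
    return "partial-fix"          # Update 11 or later; the fix is only partial


def audit(inventory):
    """Map each host to its label so unpatched machines can be listed first."""
    return {host: classify(banner) for host, banner in inventory.items()}


# Constructed sample data: hostnames and banners are invented for this example.
SAMPLE_INVENTORY = {
    "ws-01": 'java version "1.7.0_10"',
    "ws-02": 'java version "1.7.0_11"',
    "ws-03": 'java version "1.7.0"',
    "ws-04": 'java version "1.6.0_38"',
    "ws-05": "java: command not found",
}

if __name__ == "__main__":
    for host, label in sorted(audit(SAMPLE_INVENTORY).items()):
        print(host, label)
```

Hosts labelled `partial-fix` are still candidates for disabling the browser plugin, since the update is described as partial.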

About the author


Bogdan Botezatu is living his second childhood at Bitdefender as senior e-threat analyst. When he is not documenting sophisticated strains of malware or writing removal tools, he teaches extreme sports such as surfing the web without protection or rodeo with wild Trojan horses. He believes that most things in life can be beat with strong heuristics and that antimalware research is like working for a secret agency: you need to stay focused at all times, but you get all the glory when you catch the bad guys.


  • hi.
    Blackhole and Nuclear Pack included this exploit in their exploit packs, bad news for UK, US, and v-europe citizens. Ugly things will happen >:)

  • Install Java, they said. It would be fun, they said. Ugly things are already happening. These exploit packs appear to be located in US, Canada and the UK.

    • Yes… Exploit packs usually follow people with lots of money, so US… UK… Canada… are targets.

      Soon (1-2 days) this exploit will be publicly available (included in Metasploit or another free exploit pack).
      Recently a big boys' tool ($40,000), Carberp, was leaked, so… “hackers” will be happy; Java users, as you say, will have funny moments like “where has my money gone???? A few seconds ago it was in my account… now it is empty…”

      Can’t you (AV) just block *.jar from being loaded from the internet? I know that many people have software that needs Java to run, so uninstalling Java is not an option.

      • Decrypted proof of concept code has already been made available on the web. Almost four hundred million devices run Java 1.7 and they can be hit at any time. That is why we advise clients to disable the browser plugin in the browser they use for web surfing and only keep the plugin enabled in a secondary browser for brief access to their trustworthy resources that require Java.

        • indeed, got it and put it to my collection >:)

          I was wrong, I thought that this exploit would be used for the growth of botnets, but I read that it is spreading lots of ransomware

          …give me your wallet they said

  • Someone please let me know this: Is this exploit also with Java 7 Update 9? Am I safe if I don’t update yet?

  • No, if you have any version of Java 7 (including Update 9 and Update 10), you should uninstall or disable it. Every build in the Java 7 distro is vulnerable.

  • according to SANS ( ) even version . beyond 7 are vulnerable