As you probably already know, we detected a 0-day vulnerability in Java 1.7 0 whereby the machine could be exploited by any malware for remote code execution. Only users who use this version of Java are were affected . Fortunately, Oracle has released an emergency update to prevent cybercriminals from taking advantage of it.
One of the means the cybercriminals were using to exploit this vulnerability is via spam email. The email pretends to come from a company called ADP and notifies you that your digital certificate is about to expire, threatening to cut your “ADP’s Internet services”.
When you click on any of the links in the email, you are redirected to a compromised website, which will load the exploit on your system and downloads several malicious files.
Luckily, our Panda Security products already detected this attack, so our customers were protected at all times.
Just in case a similar exploit happens again, we want to include a little guidance on how to disable Java.
If you use Windows:
In the Control Panel, you can access the Java control panel on your machine. In the Java tab, click on the View button to change the settings. Just disable version 1.7, which was exploitable. If you have an earlier version, do not turn it off, as we can still use the basic features of the program.
Then, depending on the browser you use, this is what you do:
Internet Explorer:
To disable Java in Microsoft’s browser, access the Tools menu, now select Internet Options. Within the Programs tab click Manage Add-ons. Select all plugins and disable Java version 1.7 if it is installed.
Firefox:
From the Tools menu you access Add-ons. On the left, select the Plugins menu and disable those belonging to Java 1.7.
Google Chrome:
The easiest way is to type “chrome://plugins/” (remember to remove the quotation marks) in the address bar of the browser, which will direct you to the plugins menu. There you can disable the Java 1.7 plugin.
In any case, try to avoid such situations: as always we recommend you have an antivirus installed and updated on your computer as well as patching or updating all software versions you may have on your computer (like Java).
Panda Security specializes in the development of endpoint security products and is part of the WatchGuard portfolio of IT security solutions. Initially focused on the development of antivirus software, the company has since expanded its line of business to advanced cyber-security services with technology for preventing cyber-crime.
3 comments
I’m really interested in this information. I simply do not know if java can be exploited. This means that dataguard invented by oracle concerning the java as a plug-ins feature does not guarantee the freedom of attempts of exploits.