Friday, 11 January 2013

Mal/JavaJar-B, That New Java 7 Malware You've Been Waiting For!

--
[Updated 2012-01-28]

That didn't take long! Sophos has reported that the name of the new in-the-wild Java 7 exploit is:

Mal/JavaJar-B

Translated into the official malware naming system (that nearly everyone ignores), the name would be:

OSX.Trojan.JavaJar.B

Calling such malware a 'Trojan horse' is debatable, as it is a drive-by infection that requires nothing more than a user visiting a website with the Java plug-in left insecure. I suspect this is why Sophos reports the malware as 'Mal'. I personally would advocate for calling it:

OSX.DriveBy.JavaJar.B

In any case, the malware is here and dangerous.

Just Turn Java OFF.

--> UPDATE NOTE from 2013-01-28:
It has been found that the "Very High" Security Level setting is INEFFECTIVE! It does NOT block malware. Consider it USELESS! Read ahead to my article:

Just Turn Java Off: 'Very High' Security Setting NOT EFFECTIVE!

Or if you must use Java, at least get used to keeping its Security setting at 'Very High' as of Java v1.7 update 10, aka 7u10. 


Sophos provides a picture that indicates using the 'High' setting. That's baloney. Just leave it on 'Very High' until you're at a trusted web page. Don't forget to turn it back to 'Very High' BEFORE you leave that web page. And yes kids, this is a big PITA. Blame Oracle.

Also, Sophos made an error when they stated:

"A single check-box can be used to disable the web plugin entirely..."



That continues to NOT be true on the OS X version of the Java 7u10 'Control Panel'. Oracle know about it. They attempted to provide a workaround that was specific to OS X 10.8.x. But from my experience, Oracle's workaround was a FAIL. Hopefully Oracle will figure out how to allow mere humans to uncheck a checkbox in their next rendition of Java 7. 

Sheesh. :-P

