Only 48 hours ago, the media started reporting on the newly discovered 0-day in Oracle Java version 7. Now we have discovered the first Blackhole exploit kits using this exploit to harm users! And we’re just getting started.
When the news came out that the exploit was likely to be implemented in Blackhole exploit kits, the IT security world took notice, because these kits are one of, if not the, most widespread attack instruments around. Everybody knew: with this new exploit combined with the exploit kit, and Oracle’s next planned update release almost 2 months away, the impact is going to be huge! And not even 48 hours after the discovery was made public, we have evidence that this is now happening:
We encountered IP ranges that serve various URLs hosting a Blackhole exploit kit with the new attack implemented (see example URLs below). Those URLs are very short-lived and this is only the tiny tip of the iceberg! We'll keep you updated.
Background information:
What's the problem?
A 0-day vulnerability has been discovered in Oracle's Java 7. According to media reports, attacks so far have only been targeted and not widespread. However, since the exploit code has now been published, there will soon be many exploit packs and other attack scenarios, and the number of registered attacks will inevitably rise.
Who is affected?
Users of Java 7 Update 0 to Java 7 Update 6 are currently at risk as potential victims. Users of Java version 6 or below do not seem to be affected by this vulnerability – but using older versions of Java carries other security risks and we explicitly advise against downgrading!
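Administrators who have to check several machines can test the range stated above against the version string that `java -version` prints. The following is an added example, not part of the original article: the function names are hypothetical, and the host names and version strings in the sample inventory are constructed.

```python
import re

# Legacy Java version scheme: 1.<major>.<minor>[_<update>], e.g. 1.7.0_06
VERSION_RE = re.compile(r'\b1\.(\d+)\.\d+(?:_(\d+))?')

AFFECTED_MAJOR = 7
AFFECTED_UPDATES = range(0, 7)  # Update 0 through Update 6, per the article


def parse_java_version(text):
    """Return (major, update) from `java -version` output or a bare version string."""
    match = VERSION_RE.search(text)
    if match is None:
        return None
    # A version without "_NN" (plain "1.7.0") is the initial release, Update 0.
    return int(match.group(1)), int(match.group(2) or 0)


def classify(text):
    """Map a version string onto the ranges the article describes."""
    parsed = parse_java_version(text)
    if parsed is None:
        return "unknown"            # unparseable: check the machine by hand
    major, update = parsed
    if major == AFFECTED_MAJOR and update in AFFECTED_UPDATES:
        return "affected"           # Java 7 Update 0 to Update 6
    if major < AFFECTED_MAJOR:
        return "older-branch"       # Java 6 or below: other risks apply
    return "outside-stated-range"   # the article makes no statement here


def hosts_to_fix(inventory):
    """Return the sorted host names whose Java falls in the affected range."""
    return sorted(h for h, out in inventory.items() if classify(out) == "affected")


# Constructed sample inventory: host name -> first line of `java -version`
SAMPLE = {
    "pc-01": 'java version "1.7.0_06"',
    "pc-02": 'java version "1.6.0_34"',
    "pc-03": 'java version "1.7.0"',
    "pc-04": "'java' is not recognized as an internal or external command",
    "pc-05": 'java version "1.7.0_04-ea"',
}

if __name__ == "__main__":
    for host in sorted(SAMPLE):
        print(host, classify(SAMPLE[host]))
    print("deactivate Java in browsers on:", hosts_to_fix(SAMPLE))
```

A result of "outside-stated-range" or "unknown" is not a statement that the machine is safe; it only means the article's range does not cover that version string.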
What should I do now?
Until Oracle provides a suitable patch or update for Java, there is only one way to prevent the exploit from taking effect: deactivating Java 7 for all installed browsers. This is done in two steps, both of which must be performed!
Step 1: This is how you deactivate Java for all the browsers you use
Step 2: Deactivate Java individually in each installed browser
This is how you can test whether you've made the right settings for the current threat:
Is it possible to simply remove Java 7?
Of course, that is possible. However, there are also legitimate programs on your PC that use Java and without the installed Java components some legitimate program functions might not work properly.
General notes on handling Oracle's Java: