
SANS ISC: And the Java 0-days just keep on coming - SANS Internet Storm Center SANS ISC InfoSec Forums

And the Java 0-days just keep on coming

The bad guys certainly seem to be picking on Oracle in the last month or two. The folks over at FireEye have posted some info about another 0-day affecting Java that is being exploited in the wild. This one hits even the latest versions of Java, 6u41 and 7u15. From the writeup, it seems the exploit is currently not always successful, but when it is, it drops a remote access trojan on the system and connects back to an HTTP command and control server. I haven't had a chance to actually look at the malware yet, so go read the FireEye writeup for the indicators of compromise to look for in your network.

Simultaneously, Adam Gowdiak has also informed Oracle of 2 different exploitable vulnerabilities (though at least one of his only affects 7u15, not 6u41), though those exploits are apparently not being used in the wild at the moment.

In the meantime, all our previous advice still applies. If you don't need Java, don't install it/remove it. If you do need it, only enable it when you need it and/or run it inside another sandbox (Sandboxie, a sacrificial VM).


Jim Clausing, GIAC GSE #26
jclausing --at-- isc [dot] sans (dot) edu



423 Posts
ISC Handler
Mar 1st 2013
Let's just all assume there will be a vulnerability and how about you only post on days when there isn't a story about Java in the news?
