Wednesday, April 24, 2013

Recently patched Java flaw already targeted in mass attacks, researchers say

PCWorld - A recently patched Java remote code execution vulnerability is already being exploited by cybercriminals in mass attacks to infect computers with scareware, security researchers warn.

The vulnerability, identified as CVE-2013-2423, was one of the 42 security issues fixed in Java 7 Update 21 that was released by Oracle on April 16.

According to Oracle’s advisory at the time, the vulnerability only affects client, not server, deployments of Java. The company gave the flaw’s impact a 4.3 out of 10 rating using the Common Vulnerability Scoring System (CVSS) and added that “this vulnerability can be exploited only through untrusted Java Web Start applications and untrusted Java applets.”

However, it seems that the low CVSS score didn’t stop cybercriminals from targeting the vulnerability. An exploit for CVE-2013-2423 was integrated into a high-end Web attack toolkit known as Cool Exploit Kit and is used to install a piece of malware called Reveton, an independent malware researcher known online as Kafeine said Tuesday in a blog post.
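The 4.3 rating quoted above is a CVSS v2 base score, and a base score measures the assessed impact and access conditions of a flaw, not how likely or how widely it will be exploited. The calculator below is an added example (not code from PCWorld, Oracle or the researcher cited); it implements the published CVSS v2.0 base-score equations and shows that a network-reachable, medium-complexity flaw whose impact is rated as a partial loss of a single property lands at 4.3, while the same access conditions with partial loss of confidentiality, integrity and availability land at 6.8. The vectors are constructed for illustration: the page does not state Oracle's actual vector for CVE-2013-2423.

```python
"""CVSS v2 base-score calculator (added example, not from the article).

Metric weights and equations follow the CVSS v2.0 specification. The vectors
in the usage section are constructed to show how a 4.3 can arise; the page
does not give Oracle's real vector for CVE-2013-2423.
"""
from decimal import Decimal, ROUND_HALF_UP

# CVSS v2.0 metric weights.
ACCESS_VECTOR = {"L": 0.395, "A": 0.646, "N": 1.0}
ACCESS_COMPLEXITY = {"H": 0.35, "M": 0.61, "L": 0.71}
AUTHENTICATION = {"M": 0.45, "S": 0.56, "N": 0.704}
IMPACT_WEIGHT = {"N": 0.0, "P": 0.275, "C": 0.660}

REQUIRED_METRICS = {"AV", "AC", "Au", "C", "I", "A"}


def parse_vector(vector):
    """Turn 'AV:N/AC:M/Au:N/C:N/I:P/A:N' into {metric: value}, validating it."""
    metrics = dict(part.split(":", 1) for part in vector.split("/"))
    if set(metrics) != REQUIRED_METRICS:
        raise ValueError(f"vector must contain exactly {sorted(REQUIRED_METRICS)}")
    return metrics


def _round1(x):
    # CVSS rounds to one decimal, half-up (Python's round() is half-even).
    return float(Decimal(str(x)).quantize(Decimal("0.1"), rounding=ROUND_HALF_UP))


def impact_subscore(metrics):
    c, i, a = (IMPACT_WEIGHT[metrics[k]] for k in ("C", "I", "A"))
    return 10.41 * (1 - (1 - c) * (1 - i) * (1 - a))


def exploitability_subscore(metrics):
    return (20 * ACCESS_VECTOR[metrics["AV"]]
            * ACCESS_COMPLEXITY[metrics["AC"]]
            * AUTHENTICATION[metrics["Au"]])


def cvss2_base_score(vector):
    """Return the CVSS v2 base score for a vector string, rounded as CVSS does."""
    m = parse_vector(vector)
    impact = impact_subscore(m)
    exploitability = exploitability_subscore(m)
    f_impact = 0 if impact == 0 else 1.176
    base = ((0.6 * impact) + (0.4 * exploitability) - 1.5) * f_impact
    return _round1(base)


def compare_vectors(vectors):
    """Score several vectors and report where the differences come from."""
    rows = []
    for v in vectors:
        m = parse_vector(v)
        rows.append({
            "vector": v,
            "base": cvss2_base_score(v),
            "exploitability": _round1(exploitability_subscore(m)),
            "impact": _round1(impact_subscore(m)),
        })
    return rows


if __name__ == "__main__":
    # Constructed vectors: same access conditions, different impact assessment.
    for row in compare_vectors([
        "AV:N/AC:M/Au:N/C:N/I:P/A:N",  # one partial impact -> 4.3
        "AV:N/AC:M/Au:N/C:P/I:P/A:P",  # three partial impacts -> 6.8
    ]):
        print(row)
```

Both constructed vectors share the same exploitability subscore (8.6); the entire gap between 4.3 and 6.8 comes from the impact metrics. That is why a low base score should be read as a statement about assessed impact under the scorer's assumptions, and why patch prioritisation for client-side components such as Java should also weigh evidence of in-the-wild exploitation, as reported in the article.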