There is a Java exploit that affects all Windows and code is in use and infecting computers.
All that is needed for your computer to be infected with this malware is to visit a hacked website. There is no warning. No pop-up. You just visit the website and your computer is infected.
Within a few days of release, a Java exploit has been converted into malware and put into use infecting computers.
Sun/Oracle, the company that makes Java, has released an update that you need to make sure is applied on your computer or you risk getting your computer infected! In this post I’ll tell you a bit about the exploit and how to update Java on your computer to make your computer safe.
You can read the post or follow the video I created for you.
What is Java?
Java is a programing language that is used on websites. It was designed to be portable, meaning it works on virtually all computer operating systems like Windows, Mac, and Linux. It was also designed to be secure and for the most part is has been much better than some other options available. Nearly all computers have it installed. Nearly all web pages use some Java on them. We can almost guarantee you have it on your computer.
What is this Java exploit?
Tavis Ormandy, a worker at Google, discovered it. A feature was introduced in Java 6 update 10 (sometime last year) that allows Java to start another program. Due to a flaw in the way this works in Microsoft Windows, this can give the program more authority than it should. It allows the program to gain access to the Administrative account and install malware that infects the whole computer. All that is needed is to visit a website that has the code in it.
Tavis first contacted Sun/Oracle.
Sun/Oracle (Sun was just acquired by Oracle) did not think the vulnerability was important enough to warrant an emergency update release (Java was just updated April 2). Tavis believed that the vulnerability was too easy to find and use. So, in order to provide the rest of us with a warning (otherwise no one might know they could be hacked this way once it started) he release the vulnerability to the public about April 9th.
Within days code was available online taking advantage of the bug.
By April 14th virus hunters discovered a major website had been hacked with the code and was infecting visitors.
I have no doubt that more than one website has been hacked and that this code is going to see very wide use by malware creators and hackers. The code is simple and easy to use. The website discovered is a music lyric site with nearly 2 million visitors a month.
All it would take to infect your computer is to follow a link to an website with the malware code in it.
It could be a link in an email by a friend. Your friend may not even have sent it. Maybe the account was hacked and the email was sent by malware. Maybe you followed a bad link on another website or from Twitter, Facebook, Buzz, or any other social network. It’s all too easy for your computer to get infected.
How to update Java and make your computers safe from this malware:
- From your start menu
- Click on Control Panel
From here there are two possibilities.
- If your control panel is in classic view you can click on the Java icon.
- If your control panel is in Category View (default since Windows XP). Click on Other Control Panel Options in the left column. Then click on the Java icon.
- Once the Java control panel opens you can click on the “About” button to find out what version you are running.
You need to be running at least Java Version 6 Update 20 at the time of this writing.
Anything less and you are in trouble.
- Close the About window (press the close button).
- Click on the Update tab at the top of the Java Control Panel
- Click Update Now
- Follow the instructions as it downloads and installs.
I do not recommend installing any of the toolbars or offers that the installer might have for you at this time. Make sure to uncheck the box on the screen with these offers.
Just to recap, this exploit affects Microsoft Windows computers with Java (nearly everyone with Windows). You should also make sure have all the Windows Updates and have updated any Adobe PDF software (again on almost all computers) recently (Adobe Readers is currently at Version 9.3.2). All of these updates affect drive-by exploits that only require you do visit a website to get infected. You need Java Version 6 Update 20 to be safe.
Please make sure your friends update their computers and Java on those computers too. One primary reason malware is successful is that users don’t know how or how important keeping their computer updated is to keeping it safe. Send them to this site and tell them to sign up for the newsletter so they can find out how to keep their computer safe.