Five-month-old vulnerability used to spread Malware
by Steve Ragan - Aug 19 2010, 08:00
Microsoft is offering a heads up to those who are slow to patch Java installations. The software giant recently warned customers that a flaw in Java, patched almost five months ago, is being used to spread malware from an obscure family.
The malware family, known as Unruy in Microsoft’s detection scheme, is a Trojan that will drop spammy advertisements onto an infected system, open up backdoors, and install rogue antivirus software.
Recently, Microsoft noticed Unruy was using CVE-2010-0094, a vulnerability in Java, to attack remote systems. The Java flaw, which allows code execution if exploited, lies in the deserialization of RMIConnectionImpl objects.
“Due to a lack of privilege checks during deserialization it is possible to supply privileged code in the ClassLoader of a constructor being deserialized,” the Zero Day Initiative commented when the details of the flaw were published earlier this year.
“This allows for a remote attacker to call system level Java functions without proper sandboxing,” it added. “Exploitation of this can lead to remote system compromise under the context of the currently logged in user.”
In short, loading a malicious Java applet is all a user needs to do to grant the attacker access. The flaw is present in versions of the Java Runtime Environment up to version six, update 18.
Microsoft's security offerings detect both the malicious Java applet and the bundled downloader.
“A security update for this vulnerability has been available since March 2010 and we suggest you apply it as soon as possible, if you haven’t already,” Marian Radu wrote on Microsoft’s Malware Protection Center blog. “As good practice, we advise every user to always update their programs as well as their operating systems.”
Details are available from Oracle.
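
An added example (not from the article, Microsoft or Oracle): a small inventory check that parses legacy `java -version` strings and flags installs at or below Java 6 Update 18, the last affected release named above. The host names and sample outputs are constructed, and treating older 1.x families as affected follows the article's wording rather than a per-family vendor table.

```python
import re

# Last affected release per the article: Java 6 Update 18 (legacy string 1.6.0_18).
LAST_AFFECTED = (1, 6, 0, 18)

# Legacy JRE version strings look like 1.6.0_18 or 1.6.0_21-b07.
# A missing "_NN" suffix means update 0 (the initial release of that family).
_VERSION_RE = re.compile(r'\b(1)\.(\d+)\.(\d+)(?:_(\d+))?')


def parse_jre_version(text):
    """Return (1, minor, micro, update) from `java -version` output, or None."""
    m = _VERSION_RE.search(text)
    if not m:
        return None
    major, minor, micro, update = m.groups()
    return (int(major), int(minor), int(micro), int(update or 0))


def classify(text):
    """Classify one host's version output as affected, patched or unknown."""
    version = parse_jre_version(text)
    if version is None:
        # No legacy 1.x string found: Java missing, or output in another format.
        return "unknown"
    # Tuple comparison orders by family first, then update number.
    return "affected" if version <= LAST_AFFECTED else "patched"


def audit(inventory):
    """Map each host to its status given {host: version_output}."""
    return {host: classify(output) for host, output in inventory.items()}


# Constructed sample inventory (hypothetical hosts and captured first lines).
SAMPLE_INVENTORY = {
    "ws-001": 'java version "1.6.0_18"',
    "ws-002": 'java version "1.6.0_21-b07"',
    "ws-003": 'java version "1.5.0_22"',
    "ws-004": 'java version "1.6.0"',
    "ws-005": "'java' is not recognized as an internal or external command",
}

if __name__ == "__main__":
    for host, status in sorted(audit(SAMPLE_INVENTORY).items()):
        print(f"{host}: {status}")
```

Hosts reported as "unknown" still need a manual look, since a browser plug-in can be present even when `java` is not on the command path.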
