A Java Zero-Day vulnerability was disclosed today, and its being distributed through the use of websites.
It is ill-advised to allow it to run. Please be sure to disable Java on your browser momentarily to give the Java developers some time to develop a patch.
Disable Java by following these steps:
- Internet Explorer readers: http://kb.iu.edu/data/ahqx.html
- Mac readers: http://www.maclife.com/article/howtos/how_disable_java_your_mac_web_browser
The signature for the payload can be found in our labs here: http://labs.sucuri.net/db/malware/mwjs-encoded-dadong1
If you open a site you feel might be infected using curl you’ll be able to better see the payload.
curl -D – http://[domainname]/index.html
Although Java is platform independent, the current payload appears to be targeting Java installs on Windows 7 SP 1 boxes, confirmed by a number of local desktop Anti-Virus companies.
Here are some details on the infection:
- When applet.jar is loaded, it disables protection against local files file://
- It then targets the Windows OS here: check os.name <http://os.name/>;, if it’s not “Windows” then exit
While our focus is not desktop, web properties are being used to distribute this payload and further infect local environments. Please do your due diligence to check your website to ensure you’re not increasing the risk of distributing this to your visitors.
Our definitions have been updated, if you’re a client you’ll be notified on the next scan, if you’re not, you can always use our free scanner, SiteCheck.
If you have any questions or concerns please leave us a comment or send us a note at firstname.lastname@example.org.