Friday, January 11, 2013

Mal/JavaJar-B, That New Java 7 Malware You've Been Waiting For!

--
[Updated 2012-01-28]

That didn't take long! Sophos has reported that the name of the new in-the-wild Java 7 exploit is:

Mal/JavaJar-B

Translated into the official malware naming system (that nearly everyone ignores), the name would be:

OSX.Trojan.JavaJar.B

Calling such malware a 'Trojan horse' is debatable, as it is a drive-by infection that requires nothing more than a user visiting a website with the Java plug-in left insecure. I suspect this is why Sophos reports the malware as 'Mal'. I personally would advocate for calling it:

OSX.DriveBy.JavaJar.B

In any case, the malware is here and dangerous.

Just Turn Java OFF.

--> UPDATE NOTE from 2013-01-28:
It has been found that the "Very High" Security Level setting is INEFFECTIVE! It does NOT block malware. Consider it USELESS! Read ahead to my article:

Just Turn Java Off: 'Very High' Security Setting NOT EFFECTIVE!

Or if you must use Java, at least get used to keeping its Security setting at 'Very High' as of Java v1.7 update 10, aka 7u10. 


Sophos provides a picture that indicates using the 'High' setting. That's baloney. Just leave it on 'Very High' until you're at a trusted web page. Don't forget to turn it back to 'Very High' BEFORE you leave that web page. And yes kids, this is a big PITA. Blame Oracle.

Also, Sophos made an error when they stated:
"A single check-box can be used to disable the web plugin entirely..."



That continues to NOT be true on the OS X version of the Java 7u10 'Control Panel'. Oracle know about it. They attempted to provide a workaround that was specific to OS X 10.8.x. But from my experience, Oracle's workaround was a FAIL. Hopefully Oracle will figure out how to allow mere humans to uncheck a checkbox in their next rendition of Java 7. 

Sheesh. :-P


--

1 comment:

  1. One of my Mac security gang members pointed out to me that Sophos has NOT found Mal/JavaJar-B on Macs. However, there are reports of it on 'UNIX'. Seeing as Mac = UNIX that's a bit confusing. I'm waiting until Monday to see how things settle out then make another evaluation of the situation.

    Also, locally the TV airwaves are being bombarded with news about the US Department of Homeland Security suggesting that everyone...

    Just Turn Java OFF!

    Sadly, the commentaries I'm hearing on TV about the situation are inane and distracting people from actually understanding the problem. It's what I call the TechTard Journalist Effect. I'm always ranting about how "TechTardiness Is Rampant!" But there's nothing I know of to solve it except our doing our best to share the facts with others to the best of our ability, as close to their level of comprehension as possible. It's the state of the tech, so to speak.
