Slashdot Mirror

← Back to Stories (view on slashdot.org)

Browser Exploit Kits Using Built-In Java Feature

Posted by kdawson on from the corruptable-cuppa dept.

tsu doh nimh writes "Security experts from several different organizations are tracking an increase in Windows malware compromises via Java, although not from a vulnerability in Windows itself: the threat comes from a feature of Java that prompts the user to download and run a Java applet. Kaspersky said it saw a huge uptick in PCs compromised by Java exploits in December, but that the biggest change was the use of this Java feature for social engineering. Brian Krebs writes about this trend, and looks at two new exploit packs that are powered mainly by Java flaws, including one pack that advertises this feature as an exploit that works on all Java versions."

2 of 96 comments (clear)

  1. Um, What? by Rary · · Score: 5, Insightful

    People who click "OK" on random dialogs that ask them to confirm installation of something they didn't ask for are targets for malware, and this is news... because it's using Java? Am I missing something?

    --

    "You cannot simultaneously prevent and prepare for war." -- Albert Einstein

  2. Re:Nothing new here by Anonymous Coward · · Score: 5, Insightful

    There is a big "Security Warning" dialog box. What should Java do more?

    It is like you are complaining that EXE's has a big concern. They are doing the same thing. If you click on an exe file, the browser will ask you if it should be opened. Then you will see one more security warning box again and the exe will start running.

    Let's start a petition: all exe files should be removed from the internet right now, because they are a big security hole.