SEPTEMBER 6, 2013
Your regular source of security updates from TrendLabs℠
In This Issue

Security Spotlight
Something Old, Something New: Zero-Day Exploit for Java 6 Spotted

Security for Home Users
Why It Pays to Patch Programs and Platforms

Security for Business
Dud or Dynamic? Vulnerability Shielding Against Exploits



Security Spotlight

Something Old, Something New: Zero-Day Exploit for Java 6 Spotted




Zero-day exploits continue to cause problems for users and organizations alike. Recently, reports of an active exploit that targets a Java 6 vulnerability surfaced. The defunct state of Java 6 and the still-large number of Java 6 users make this discovery more troubling.

New Exploit for Old Java

The exploit we detected as JAVA_EXPLOIT.ABC targets the CVE-2013-2463 vulnerability. This particular exploit has since been added to the Neutrino Exploit Kit. Among Neutrino’s routines is infecting computers with ransomware, which can lock your files and computer until you pay a required fee.

Java 6 users hoping to get a patch for this vulnerability are out of luck, as Oracle officially stated that support for Java 6 has been discontinued. In lieu of an update, Oracle has been urging users to simply install the latest version of Java.

Old Versions Die Hard

Oracle’s decision to no longer support Java 6 could be advantageous for cybercriminals. They may continue to use this vulnerability for their malicious schemes without worrying about patches or updates stopping them. The absence of Java 6 updates has serious implications since reports show around 50% of users still use the version despite the availability of a newer one. The continued use of Java 6 means that cybercriminals will continue to have a large pool of potential victims.

What to Do with Java

It’s best to always keep Java and other programs updated. If possible, opt for the “get updates automatically” setting that is available in most programs. Make sure to get updates from official sources; some updates could be malware in disguise.

Uninstalling Java may also help reduce the risk of exploits, but you should only uninstall Java if you don’t need it. If you do need it, you can enable Java in a secondary browser. Disabling Java in your main browser will not affect any applications that need it to run properly.

Copyright ©2013 Trend Micro Incorporated. All rights reserved. Trend Micro and the Trend Micro t-ball logo are trademarks or registered trademarks of Trend Micro Incorporated. All other company and/or product names may be trademarks or registered trademarks of their respective owners. The information contained in this document is subject to change without prior notice.

www.trendmicro.com
