Background of the Attack
A vulnerability in Oracle's Java application, Java Deployment Toolkit (JDT), was spotted by two security researchers and was publicly disclosed on April 9, 2010. Although the vulnerability had already been identified in 2008, Oracle did not deem it critical enough to release an out-of-band patch. The public disclosure, however, was followed by reports of an attack that exploited this vulnerability. This attack targeted songlyrics.com, a website that hosts song lyrics of popular music artists. This led Oracle to finally release an out-of-band patch through an updated version of Java.
How does this threat get into users' systems?
How does this threat affect users?
What is the driving force behind this threat?
Ultimately, this threat aims to download other malicious files onto affected systems, allowing them to become a launchpad for other malware attacks. It exposes the user to a variety of potential threats that can be silently installed on a system without users' knowledge. These threats may be backdoor programs that allow remote attackers to take control of users' systems, information-stealing Trojans that steal sensitive data from affected systems, or bots that make the systems part of a network of zombie computers under the control of cybercriminals.
How can users protect themselves from this attack?
Oracle released an updated version of Java to address the vulnerability that this threat exploits. Users should upgrade their Java applications to this version to prevent their systems from being compromised. More importantly, users should practice safe online browsing habits by disabling browser scripting and by avoiding downloadable applications from untrustworthy sources.
Trend Micro protects users from this attack via the Smart Protection Network™, whose Web reputation service blocks access to the malicious URLs that this threat connects to. Its file reputation service also detects and prevents the execution of all malware related to this attack. Trend Micro OfficeScan™ users with the Intrusion Defense Firewall (IDF) plug-in are also protected from this attack if their systems are updated with IDF rule number 1004091.