Why you should disable JAVA in your computer NOW
January 11, 2013
(MONROE, WA) -- If you know what’s good for you – particularly those of you that have computers you use in business – you should disable the software app in your machine called Java now and keep it disabled.
Security experts say you should disable Java now.
That means disable the Java plug-in on your web browser and the main Java app that is accessed through the Control Panel in most PC’s.
That’s the word from computer security experts in a new piece in Informationweek.com and other sources.
Java is a computer software application that runs in the background on your computer.
The message to disable comes “After the discovery Thursday of yet another zero-day Java vulnerability, as well as a number of attacks that are already exploiting the flaw to run arbitrary code on PCs,” writes Mathew Schwartz in an InformationWeek security bulletin found here
The story quotes research engineer Nick Randolph as saying, "It looks like this exploit is being used in at least four different active exploit kits -- Blackhole, Cool Exploit Kit, Nuclear Pack and Redkit…source code has popped up on pastebin as well.”
The Java “zero-day vulnerability,” dubbed CVE-2013-0422, "allows remote attackers to execute arbitrary code via unknown vectors, possibly related to 'permissions of certain Java classes,'" according to the National Vulnerability Database.
Another security company (The H Security) writes.” The vulnerability is, however, already being exploited by cybercriminals to distribute malware. Security blogger Brian Krebs says that attack modules for the Black Hole and Nuclear Pack exploit kits are already available.
According to Krebs, a Black Hole developer calling himself "Paunch", posting on underground forums yesterday (Wednesday), heralded the zero day exploit as a New Year's gift for his paying customers.
Because the vulnerability, thanks to the various exploit kits, requires minimum effort to exploit, it is reasonable to expect that the number of web sites hosting the exploit is likely to rise exponentially over the next few days. Simply visiting an infected web site is all that's required to fall victim to a malware infection. The attack code may also be hosted on mainstream web sites.”
The flaw affects all versions of Java 7, including Oracle Java 7 Update 10, which is the most recent version.
Experts say this is likely only the first of many Java zero-day attacks to come this year.
Find instructions on how to disable Java at the end of this report.
A report on darkreading.com says, “The beleaguered application (Java) has yet another new bug and is the target of attacks as several ad networks are being redirected to Blackhole exploit sites. "We have seen ads from legitimate sites, especially in the UK, Brazil, and Russia, redirecting to domains hosting the current Blackhole implementation delivering the Java 0day. These sites include weather sites, news sites, and of course, adult sites," said Kurt Baumgartner, a Kaspersky Lab expert, in a blog post today.
Word about the new Java bug and exploitation first came from a researcher who goes by the handle @Kafeine, and was later confirmed by several other researchers, including AlienVault Labs.
The nature of the flaw in Java itself has not yet been identified, but US-CERT has issued an alert confirming that Java 7 Update 10 and earlier are affected and could let "a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system."
“With some estimates suggesting that 34% of all PCs currently run a version of Java 7, the zero-day vulnerability may now be present on over 400 million systems, says the report from InformationWeek.
Attackers have reportedly been rushing to exploit the vulnerability, which in the past 24 hours has become “one of the most-seen exploits by antivirus software.”
- - HOW TO DISABLE JAVA - -
For the quickest way to disable Java go to nakedsecurity here
You can find out how to disable Java through the Control Panel option on your PC here
There Is another article about the Java virus issue and how to disable Java found here