Java exploits and pdf used to install malware

[Galdorf]

After checking the zero day malware site the one i use to test av's with the most exploits being used are java and pdf.

Link to java exploit:
Nifty Java bug could lead to attack
Researcher warns of impending PDF attack wave
They seem to be using this a lot i ran an unprotected virtual machine on many sites and ended up getting infected by fake av's i had a debugger running and found they were using java exploits more than anything else they really need to fix this.
I then ran a virtual machine that did not have java installed and did not get infected on those same sites, Sun really needs to plug up these security holes in java.

Quite a few customers are getting infected through shockwave flash adverts on facebook:
Malicious Facebook ad redirects to fake antivirus software

Lots of bad stuff with facebook lately:
Scam Facebook page attracts 40,000 victims seeking Ikea gift card
These people put in personal information which could be used for identity theft.

 

[Larry Sabo]

That's why it's a good idea to install and run Secunia Personal Software Inspector on infected (heck, all) machines and show the customer how to use it. It just takes a single click for them to fix vulnerabilities and runs in the background to alert on new ones. And it's free!

 

[Galdorf]

A customer caught this from facebook uses shockwave flash exploit from advert banner to inject:

They really need to fix this from what i hear 60-80k people have been infected thats why i use adblocker plus to prevent this from happening on my personal machines.

 

[Galdorf]

Oracle issues emergency Java patch to stop zero day attacks
Wow this has been around over a year and they finally get around to patch it lol.

 

[Galdorf]

Hmm they are using another java exploit after version 20 of java was updated, didn't take them long to find another exploit for java oracle really needs plug up these security holes.
What is really bad is that securina gave him 100% everything was up to date yet he still got the security tool fake av injected via zero day java exploit.
http://seclists.org/fulldisclosure/2010/Apr/119

lada gaga rihanna lyrics used to foist java exploit

heads up 0day itw rihanna is a lure

Wow just wow oracle put in a feature allowing a website to install software on users computer and did not think it would be used for malicious use? who do they have working there that does security work for their code????.

Atm java is a HUGE security risk even after version 20 to make your computer more safe it would be best to remove java it is just not worth the risk of having it installed so basically java in there ultimate wisdom decided to create a huge security risk in all of our computers and cellphones by adding this nifty feature looks like prime reason to launch a class action lawsuit as this effects millions of computer users across the world.

To test if your are vulnerable to this exploit a harmless example in the link below:

http://lock.cmpxchg8b.com/bb5eafbc6c6e67e11c4afc88b4e1dd22/testcase.html

This feature can be turned off in setting that is my advice if you need java disable the feature to allow software installation.