Feeds

Java malware spotted using stolen certificate

Same day as latest patch

Choosing a cloud hosting partner with confidence

If you haven't already run in the latest Java patch (issued yesterday), here's another good reason to do so: someone has turned up an exploit that uses signed code.

In this post, Eric Romang looks at a malicious applet that comes with a signature using credentials stolen from Clearesult Consulting in the US.

The stolen private key was posted to Pastebin. Even though the applet is using a now-revoked certificate, it seems that it's up to the user to check the revocation lists. Otherwise, if they trusted the assertion that the applet is signed, they would be well on the way to an infection.

The malicious applet probably had only limited exposure, since it was hosted at a German dictionary (http://dict.tu-chemnitz.de/) site that was infected with the g01pack exploit kit.

However, according to the Twitter message that first raised the alarm, the exploit was spotted on a machine running the version of Java that Oracle made obsolete yesterday (March 4, US time).

It'll still warrant testing, though. Announcing the patch, Oracle's Eric Maurice said the new install set Java's security settings to “High” by default, demanding that users authorize unsigned or self-signed apps before running them.

“In order to protect themselves, desktop users should only allow the execution of applets when they expect such applets and trust their origin,” Oracle advises.

If the applet reported by Romang behaves as he describes, it still seems feasible to El Reg that a user might okay the installation rather than checking a revocation list to make sure the certificate is current.

Alternatively, the remaining Java users could just get rid of it. ®

Beginner's guide to SSL certificates

Whitepapers

Forging a new future with identity relationship management
Learn about ForgeRock's next generation IRM platform and how it is designed to empower CEOS's and enterprises to engage with consumers.
Win a year’s supply of chocolate
There is no techie angle to this competition so we're not going to pretend there is, but everyone loves chocolate so who cares.
Why cloud backup?
Combining the latest advancements in disk-based backup with secure, integrated, cloud technologies offer organizations fast and assured recovery of their critical enterprise data.
High Performance for All
While HPC is not new, it has traditionally been seen as a specialist area – is it now geared up to meet more mainstream requirements?
Saudi Petroleum chooses Tegile storage solution
A storage solution that addresses company growth and performance for business-critical applications of caseware archive and search along with other key operational systems.