Unpatched Java Flaw Abused on Songlyrics.com
According to a warning from security researchers on April 14, 2010, hackers are exploiting a yet-to-be-patched vulnerability in Java to attack people visiting a website for song lyrics. They also warn that additional attacks are expected in the forthcoming days.
Said Chief Research Officer Roger Thompson of AVG, the vulnerability in Java Web Start, revealed during the beginning week of April 2010, affected Windows PCs having Internet Explorer and Firefox browsers. Cnet news published this on April 14, 2010.
Attackers acted fast to exploit the Java flaw. According to Thompson, the code used in the attack is very easy that enables it to be copied. Thus, it's not at all surprising that researchers were able to spot it within only 5 days after the attack, he adds. ComputerWorld published this on April 14, 2010.
The researcher discovered that attack codes were prevalent for in both Java and Adobe Reader. These codes existed on Russian servers and were pushed due to PCs accessing Songlyrics.com. The affected website was sanitized later on, Thompson said.
Actually, when a user visited the website, malevolent malicious iFrame in one among the several advertisements on the site connected his PC to the Russian computer servers entertaining the codes, even if the advertisement wasn't clicked. One code displayed the terms-of-use of Adobe Reader on Windows, while the other aimed at another server from where it pulled a malevolent Java file.
Reportedly, hackers are also abusing lyric websites for singers like Lady Gaga, Miley Cyrus and Rihanna for executing the attack. By just going to these infected websites, users can become victimized. So if attackers can tactfully get users to access a malevolent site having the attack code, they can execute malware on their computers.
Revealed the researchers, Windows users operating Mozilla's Firefox and Microsoft's Internet Explorer are in danger, provided the browser plug-in with Java is deployed. While Chrome seems apparently free from the trouble, it's not sure, Thompson cautioned.
Meanwhile, with the attack code is likely to spread further, Thompson said that Oracle's Sun needed to release an urgent security update to patch the flaw. SCMagazine published this on April 14, 2010.
» SPAMfighter News - 27-04-2010