By Alexandra Burlacu | Mar 02, 2013 10:03 AM EST
Java continues to ravage everything, as two more "zero-day" exploits are making the rounds just a few days after the last zero-day vulnerability got a patch.
Researchers just uncovered more security threats in Java, and attackers are currently exploiting vulnerabilities in the wild.
According to Kaspersky, one of the vulnerabilities is a recent exploit of the latest runtime's attempts to install a McRAT executable file by overwriting memory in the JVM to trigger that executable to run.
Once users install the executable file, the McRAT malware will try to contact command and control (C&C) servers and copy itself into dll files in Windows systems.
While this malware is specifically for Windows, Intego describes a second Trojan disguised as a Java executable called "Minecraft Hack Kit," which in fact steals Minecraft passwords. The kit masks as a tool to help Minecraft users perform moderator tasks such as banning or kicking other users in the game.
Instead of the alleged "Minecraft Hack Kit," the program will actually install three new applets and a Launch Agent script that keeps them constantly running in the background. In turn, these secondary payload programs are designed to steal Minecraft credentials and send them to various Hotmail accounts.
The new threats are not of utmost severity, and the Minecraft malware is specific to Minecraft players who have Java installed. Nonetheless, they do add to an explosion of Java zero-day vulnerabilities exploited in the wild over the last two months. Java has been a popular attack target for a long time and it never seems to end. A zero-day vulnerability pops up and the company issues a patch only to have other zero-days surfacing in no time.
Oracle is well-known for its delay in releasing patches, but in the past year it had no choice but to release several emergency updates because the bugs were serious. The newly-found bugs will likely prompt yet another emergency patch.
The best thing according to several reports is to disable Java altogether and get off this roller coaster of bugs and patches that never seems to stop. Those who really need Java, meanwhile, can keep it in a secondary browser and make sure to always keep it up to date.
© 2013 Mobile & Apps All rights reserved. Do not reproduce without permission.