Java’s new “very high” security mode can’t protect you from malware

Security researchers have uncovered a newly discovered bug in Oracle's Java framework that allows attackers to bypass important security protections designed to prevent malware attacks.

The security improvements were introduced in Java 7 Update 10, and they came after a spate of in-the-wild attacks exploited fully patched versions of Java. Those allowed crooks to surreptitiously install malware on the computers of unsuspecting people using Java browser plugins. By default, the change required end users to manually allow the execution of Java code not digitally signed by a trusted authority. Users also had the ability to prevent any unsigned Java applet from running at all. Some security experts praised Oracle for adding the feature because it promised to drastically reduce the success of attacks that exploit security bugs in Java.

"Unfortunately, the above is only a theory," security researcher Adam Gowdiak wrote on Sunday, referring to the way the protections are supposed to block untrusted code from running on end-user computers. "In practice, it is possible to execute an unsigned (and malicious!) Java code without a prompt corresponding to security settings configured in Java Control Panel."

Read 2 remaining paragraphs | Comments

Upswing in Ransomware Activity

As we predicted toward the end of last year, we are once again seeing an upswing in ransomware activity in 2013. The ransomware extortion scam has been in existence now for a number of years but its popularity among cybercriminals has grown over the last two years and it continues to indiscriminately plague computer users in greater numbers. Symantec has tracked this growing menace in various blogs, a whitepaper, and a video.

In the last week Symantec has observed a new spike in ransomware activity being seen worldwide. While several variants of the ransomware threat are responsible for the overall spike, the main ransomware variant being observed is Trojan.Ransomlock.Y. This variant is being distributed through pornographic websites leading to the Impact Exploit kit. Symantec has the following Intrusion Prevention Signatures (IPS) in place for the Impact Exploit kit and is observing a similar telemetry spike around detections of this exploit kit:

 

Figure 1. Screenshot of Trojan.Ransomlock.Y

 

If you are a victim of a ransomware extortion scam, the golden rule is not to pay the ransom to the cybercriminals. Payment in no way guarantees that your computer will be unlocked and can be a costly mistake. By paying any such ransom it also fuels further cybercrimes. Symantec provides a set of removal instructions that can help remove these threats.