Earlier unknown and at present an open bug in system of safety of the last version Java framework now is in active use on the Internet, specialists in information security warn.
Attacking the code exploits a vulnerability in the browser plug-Java, and it has already been added to the exploit-kits Blackhole, Cool, Nuclear Pack and Redkit, which points to the fact widely known bug in the hacker community. Security experts reported that the attackers placed on hacked sites specific code, which causes execution vulnerability and then installed on the laptop offering keyloggers and other types of spyware.
According to the company Alienvault Labs, attack works even against a fully updated and properly configured environment Java 7. While Oracle has not released a fix, experts recommend or reject the use of plug-in, or make it connect optional.
More detailed information about a bug is available at https://krebsonsecurity.com/2013/01/zero-day-java-exploit-debuts-in-crimeware/ and http://malware.dontneedcoffee.com/2013/01/0 -day-17u10-spotted-in-while-disable.html