According to a FireEye blog post by Atif Mushtaq dated 26-08-2012, a zero-day vulnerability in Java has been exposed. It is really dangerous for companies that run Java applications on their computers, and it is being seen in limited attacks. Most of the recent Java run-time environments, i.e. JRE 1.7x, are vulnerable.

FireEye's blog post also makes clear where the exploit is hosted: on a domain named OK.XXX4.NET, which resolves to an IP address in China.

 

How does it work?

  • A dropper (Dropper.MsPMs) is installed on infected systems.
  • The dropper is located on the same server: http://ok.xxx4.net/meeting/hi.exe
  • Dropper.MsPMs then talks to its own CnC domain, hello.icon.pk, which currently resolves to the IP address 223.25.233.244, located in Singapore.

So far Oracle has issued no patch, and disabling Java is not a fix, because that is not possible for companies that use Java-based applications on their systems. Now it is time to wait for Oracle's patch.
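
While waiting for a patch, the chain described above (exploit host, dropper download, CnC contact) can be hunted for in web proxy logs. The following is an added example, not code from FireEye or from the original post; the log format, the sample lines and the function names are assumptions, and only the domains, path and IP address come from the post.

```python
from urllib.parse import urlsplit

EXPLOIT_HOST = "ok.xxx4.net"      # exploit and dropper host named in the post
DROPPER_PATH = "/meeting/hi.exe"  # dropper location named in the post
C2_HOST = "hello.icon.pk"         # Dropper.MsPMs CnC domain
C2_IP = "223.25.233.244"          # address the CnC domain resolved to

# Constructed sample log; assumed format: timestamp client_ip method url dest_ip
SAMPLE_LOG = """\
2012-08-27T09:14:02Z 10.0.0.21 GET http://OK.XXX4.NET/ 203.0.113.10
2012-08-27T09:14:05Z 10.0.0.21 GET http://ok.xxx4.net/meeting/hi.exe 203.0.113.10
2012-08-27T09:14:40Z 10.0.0.21 POST http://hello.icon.pk/ 223.25.233.244
2012-08-27T09:20:11Z 10.0.0.34 GET http://ok.xxx4.net/ 203.0.113.10
2012-08-27T09:31:57Z 10.0.0.58 GET http://other.example/ 223.25.233.244
2012-08-27T09:40:00Z 10.0.0.77 GET http://www.example.com/ 198.51.100.20
truncated line
"""

def stage(url, dest_ip):
    """Map one request to a stage of the chain, or None if unrelated."""
    parts = urlsplit(url)
    host = (parts.hostname or "").rstrip(".")  # hostname is already lowercased
    # Match the CnC by name or by address, in case the name is re-pointed.
    if host == C2_HOST or host == C2_IP or dest_ip == C2_IP:
        return "c2"
    if host == EXPLOIT_HOST:
        return "dropper" if parts.path.lower() == DROPPER_PATH else "exploit"
    return None

SEVERITY = {"exploit": 1, "dropper": 2, "c2": 3}
VERDICT = {1: "visited exploit host", 2: "dropper downloaded", 3: "CnC contact"}

def triage(log_text):
    """Return {client_ip: verdict} using the furthest stage each client reached."""
    worst = {}
    for line in log_text.splitlines():
        fields = line.split()
        if len(fields) != 5:
            continue  # skip malformed or truncated lines
        _, client, _, url, dest_ip = fields
        found = stage(url, dest_ip)
        if found:
            worst[client] = max(worst.get(client, 0), SEVERITY[found])
    return {client: VERDICT[level] for client, level in worst.items()}

if __name__ == "__main__":
    for client, verdict in sorted(triage(SAMPLE_LOG).items()):
        print(client, verdict)
```

A client that reached only the exploit host should be checked for its JRE version, while one that reached the CnC stage should be treated as running the dropper.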

 
