Says Krebs:
My research shows the reason for the spike, and it precedes the 3rd quarter of 2010: Java exploits have been folded into a number of the top “exploit packs,” commercial crimeware kits sold in the hacker underground that make it simple to seed hacked or malicious sites with code that exploits a variety of browser flaws in a bid to install malware.
All automation, all the time. Point and click assaults on known threat vectors. If you install it, they will come.
I'm less concerned because I run Linux boxes, but I still exercise caution with the Java in my environment. Relying on Java's auto-update feature has proven woefully inadequate.
Krebs has previously recommended removing Java from your machine if possible, but it's so intertwined with browsers and third-party apps that successfully getting Java off and keeping it off is a Herculean task.
No comments:
Post a Comment
Please tell me what you think.