diTii.com Digital News Hub


Aug 17, 2010

Unruy Trojan downloader uses CVE-2010-0094 Java Vulnerability – Security Update Available

Microsoft reports: “Unruy is a family of trojan downloaders and unsolicited advertisement “providers” and although you mightn’t have heard about it, it also is an infection vector for a rather prevalent family of rogues: Trojan:Win32/Fakespypro.”

“Recently we discovered a variant of Win32/Unruy, namely TrojanDownloader:Win32/Unruy.D (6120ac9c363c6da7cd7f8bed4edd314f0d3d8f4e), that’s actively using Java vulnerability discussed in CVE-2010-0094. The vulnerability exploits a flaw in deserialization of RMIConnectionImpl objects. This flaw allows remote attackers to call, without proper sandboxing, system-level Java functions via ClassLoader of a constructor that’s being deserialized,” explains Microsoft.

Infection can occur when a user visits a webpage that hosts a malicious Java applet. If the user’s browser runs a vulnerable version of the Java Runtime Environment (up to version 6 update 18), exploitation may be successful and malware may be installed.

A security update for this vulnerability has been available since March 2010, and you must apply it as soon as possible.
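To find machines still on an affected runtime, the output of `java -version` can be checked against the 6 update 18 threshold stated above. The following is an added example, not code from Microsoft or the original article; the function names and the sample outputs are constructed for illustration, and it assumes the legacy `1.6.0_NN` version string format.

```python
import re

# Threshold taken from the article: JRE 6 up to update 18 is exploitable.
LAST_VULNERABLE_UPDATE = 18

# Legacy version string printed by `java -version`, e.g. java version "1.6.0_18"
_VERSION_RE = re.compile(r'version "1\.(\d+)\.\d+(?:_(\d+))?[^"]*"')


def classify_jre(version_output):
    """Classify `java -version` output against the article's 6u18 threshold.

    Returns (status, family, update); status is 'vulnerable', 'patched',
    'other-family' or 'unparsed'.
    """
    m = _VERSION_RE.search(version_output)
    if not m:
        return ("unparsed", None, None)
    family = int(m.group(1))
    update = int(m.group(2) or 0)  # "1.6.0" with no suffix is the initial release
    if family != 6:
        # The article gives a threshold for the 6 line only, so other
        # families are reported separately instead of being guessed at.
        return ("other-family", family, update)
    status = "vulnerable" if update <= LAST_VULNERABLE_UPDATE else "patched"
    return (status, family, update)


# Constructed sample outputs (hypothetical hosts, not taken from the article).
SAMPLES = {
    "host-a": 'java version "1.6.0_18"\nJava(TM) SE Runtime Environment (build 1.6.0_18-b07)',
    "host-b": 'java version "1.6.0_21"\nJava(TM) SE Runtime Environment (build 1.6.0_21-b07)',
    "host-c": 'java version "1.6.0"\n',
    "host-d": 'java version "1.5.0_22"\n',
    "host-e": "'java' is not recognized as an internal or external command",
}


def audit(samples):
    """Return {host: status} for every collected `java -version` output."""
    return {host: classify_jre(text)[0] for host, text in samples.items()}


if __name__ == "__main__":
    for host, status in sorted(audit(SAMPLES).items()):
        print(host, status)
```

Hosts reported as `other-family` or `unparsed` need a manual look, since the article states a threshold only for the JRE 6 line.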
