diTii.com Digital News Hub


Aug 17, 2010

Unruy Trojan downloader uses CVE-2010-0094 Java Vulnerability – Security Update Available

Microsoft notes that “Unruy is a family of trojan downloaders and unsolicited advertisement ‘providers’ and although you mightn’t have heard about it, it also is an infection vector for a rather prevalent family of rogues: Trojan:Win32/Fakespypro.”

“Recently we discovered a variant of Win32/Unruy, namely TrojanDownloader:Win32/Unruy.D (6120ac9c363c6da7cd7f8bed4edd314f0d3d8f4e), that’s actively using the Java vulnerability discussed in CVE-2010-0094. The vulnerability exploits a flaw in deserialization of RMIConnectionImpl objects. This flaw allows remote attackers to call, without proper sandboxing, system-level Java functions via ClassLoader of a constructor that’s being deserialized,” explains Microsoft.

Infection can occur when a user visits a webpage that hosts a malicious Java applet. If the user’s browser runs a vulnerable version of the Java Runtime Environment (up to version 6 update 18), exploitation may be successful and malware may be installed.

A security update for this vulnerability has been available since March 2010, and you must apply it as soon as possible.
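To find hosts still inside the range the article names (JRE up to version 6 update 18), the added example below, which is not from Microsoft or the original post, parses `java -version` banners and flags them. It assumes every release that sorts at or below 6 update 18 counts as affected, which is one reading of the article's "up to"; the host names and banners are constructed sample data.

```python
import re

# Upper bound taken from the article: JRE version 6 update 18.
LAST_AFFECTED = (6, 18)

_BANNER_RE = re.compile(r'version "([^"]+)"')
# Legacy scheme: 1.<family>[.0][_<update>][-suffix], e.g. 1.6.0_18-b07
_LEGACY_RE = re.compile(r'1\.(\d+)(?:\.\d+)?(?:_(\d+))?(?:-.*)?')
# Scheme used from Java 9 on: <family>[.x[.y]][-/+suffix], e.g. 11.0.2
_MODERN_RE = re.compile(r'(\d+)(?:\.\d+)*(?:[-+].*)?')


def parse_java_version(text):
    """Return (family, update) from a `java -version` banner or a bare
    version string, or None if no version can be recognised."""
    m = _BANNER_RE.search(text)
    raw = m.group(1) if m else text.strip()
    m = _LEGACY_RE.fullmatch(raw)
    if m:
        return int(m.group(1)), int(m.group(2) or 0)
    m = _MODERN_RE.fullmatch(raw)
    if m and int(m.group(1)) >= 9:
        return int(m.group(1)), 0
    return None


def in_affected_range(text):
    """True/False for a recognised version, None when it needs manual review."""
    version = parse_java_version(text)
    if version is None:
        return None
    return version <= LAST_AFFECTED


def audit(inventory):
    """Split {host: banner} into hosts to patch and hosts to check by hand."""
    to_patch = sorted(h for h, b in inventory.items() if in_affected_range(b) is True)
    unknown = sorted(h for h, b in inventory.items() if in_affected_range(b) is None)
    return to_patch, unknown


# Constructed sample inventory (hypothetical hosts, not data from the article).
SAMPLE_INVENTORY = {
    "ws-01": 'java version "1.6.0_18"\nJava(TM) SE Runtime Environment (build 1.6.0_18-b07)',
    "ws-02": 'java version "1.6.0_21"',
    "ws-03": 'java version "1.5.0_22"',
    "ws-04": 'openjdk version "11.0.2" 2019-01-15',
    "ws-05": "java: command not found",
}

if __name__ == "__main__":
    print(audit(SAMPLE_INVENTORY))
```

Hosts reported as unknown returned no recognisable version string and need a manual look rather than an assumption that no JRE is installed.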
