March 7, 2013 By George Tubin 2 min read

The most frequent source of malware infections is Java. Due to the recent rash of zero-day vulnerabilities, many security experts recommend removing this programming language from all systems.

Three billion devices run Java, according to Oracle. Although disabling or uninstalling the script from home computers probably won’t have much of an effect on the typical home user, it’s not that simple to do so from enterprise endpoints when it’s used in so many business applications. Because enterprises depend heavily on this code for their internal business applications, IT security groups are concerned that removing it would break these applications.

Worse yet, some vendors provide tools that are bundled with or require vulnerable versions of Java.

An Old Cup of Java

One example is the Microsoft Forefront client. According to this Microsoft Tech Note, “For Java client components, client computers require JRE version 1.5. No other JRE version is supported.” This version includes hundreds of known vulnerabilities. It’s ironic that a security product could introduce multiple vulnerabilities that can be exploited to infect systems with malware. Fortunately, it seems that the Microsoft compatibility claims aren’t accurate, as machines have been seen running the Forefront client with JRE 7.

Another example comes from a recent blog from Brian Krebs regarding a free developer tool called SiteBuilder. This tool, offered by Yahoo, is bundled with an unsafe version of Java released over four years ago. Offered to millions of users, this tool introduces hundreds of known critical security vulnerabilities that can be used to remotely compromise the host PC.

A Lose-Lose Situation

This presents a significant problem for enterprise security teams. Removing Java and its vulnerable versions from enterprise endpoints is often impractical since many organizations need it to run system and Web applications. Moreover, vulnerable versions are bundled in a number of third-party vendor applications and some technical and creative development tools. If enterprises can’t remove the language from user endpoints, how can enterprises mitigate the risk of Java zero-day exploits?

IBM Security Trusteer Apex Advanced Malware Protection delivers a transparent solution that prevents exploitation of both known and zero-day, or unknown, Java vulnerabilities. Trusteer Apex’s distinctive Lockdown for Java feature enables the safe use of Java applications while preventing untrusted Java applications from executing high risk actions, such as writing to the file system or making changes to the registry. This helps ensure that legitimate business applications and virtually any Java application which performs non-risky action (such as displays functions) will not be disrupted, while malicious applications will be blocked from compromising the endpoint.

More from Threat Intelligence

Phishing kit trends and the top 10 spoofed brands of 2023

4 min read -  The 2024 IBM X-Force Threat Intelligence Index reported that phishing was one of the top initial access vectors observed last year, accounting for 30% of incidents. To carry out their phishing campaigns, attackers often use phishing kits: a collection of tools, resources and scripts that are designed and assembled to ease deployment. Each phishing kit deployment corresponds to a single phishing attack, and a kit could be redeployed many times during a phishing campaign. IBM X-Force has analyzed thousands of…

Grandoreiro banking trojan unleashed: X-Force observing emerging global campaigns

16 min read - Since March 2024, IBM X-Force has been tracking several large-scale phishing campaigns distributing the Grandoreiro banking trojan, which is likely operated as a Malware-as-a-Service (MaaS). Analysis of the malware revealed major updates within the string decryption and domain generating algorithm (DGA), as well as the ability to use Microsoft Outlook clients on infected hosts to spread further phishing emails. The latest malware variant also specifically targets over 1500 global banks, enabling attackers to perform banking fraud in over 60 countries…

Threat intelligence to protect vulnerable communities

2 min read - Key members of civil society—including journalists, political activists and human rights advocates—have long been in the cyber crosshairs of well-resourced nation-state threat actors but have scarce resources to protect themselves from cyber threats. On May 14, 2024, the Cybersecurity and Infrastructure Security Agency (CISA) released a High-Risk Communities Protection (HRCP) report developed through the Joint Cyber Defense Collaborative that addresses the threat to these vulnerable groups, with findings contributed by the X-Force Threat Intelligence team.Cyber criminals seek stolen credentialsThe HRCP…

Topic updates

Get email updates and stay ahead of the latest threats to the security landscape, thought leadership and research.
Subscribe today