Cyber criminals are exploiting vulnerabilities in Java to distribute malware on a larger scale than before, a study has revealed.
Increased efforts by suppliers of PDF readers to keep their products updated and greater awareness by users has helped reduced these exploits.
But Java vulnerabilities offer cyber criminals a lot of potential on the technical side, said researchers, and the development and distribution of malicious code is considerably easier than other methods of infecting a system.
By submitting your email address, you agree to receive emails regarding relevant topic offers from TechTarget and its partners. You can withdraw your consent at any time. Contact TechTarget at 275 Grove Street, Newton, MA.
Topping the list is Java.Trojan.Exploit.Bytverify.N, which exploits a security hole in Java's byte code verifier.
Using this exploit allows the execution of malicious code which could enable an attacker to gain control over a victim's system.
This Trojan is typically found on hacked websites, where it attempts to infect PCs through drive-by download through a manipulated Java applet, researchers said.
Just visiting an infected website with an unprotected computer will be enough to infect a system, said Ralf Benzmüller, head of G Data SecurityLabs.
"We have noticed an increasing amount of attacks based on security holes in Java," he said. "Users who do not keep their installed version of Java updated are especially at risk."
Every available software update and security patch should be installed as quickly as possible to close any security holes, said Benzmüller.
As of October 2010, three variants of this Trojan have made it into G Data's malware Top 10.