The Latest in IT Security

Additional Protection for Recent Java Zero-Day


Security Response recently blogged about the Java zero-day that is active in the wild and being distributed by the Cool Exploit Kit. In addition to Cool Exploit Kit, we are aware that several other major exploit kits such as Blackhole, Redkit, and Impact are also equipped to exploit this unpatched vulnerability.

Symantec Security Response is currently detecting JAR files served up by the various exploit kits as Trojan.Maljava and we have further protection in place with Trojan.Maljava!gen26.

Additionally, Symantec has released the following IPS signatures to proactively block the malicious JAR files associated with these exploit attempts:

By blocking the JAR files containing the exploit, downloading and execution of additional malicious files will not occur.

Our in-field telemetry shows IPS technology is blocking about 300,000 exploit kit attacks every day. The following heat map based on IPS detections for this exploit shows geographic distribution over the past week:


The United States Department of Homeland Security advised users to disable Java in their browsers until a patch is released for the vulnerability. It appears Oracle has just released the patch, and Symantec strongly urges all users of Java to download and install this patch as soon as possible.

Leave a reply



Mission-Critical Broadband – Why Governments Should Partner with Commercial Operators:
Many governments embrace mobile network operator (MNO) networks as ...

ARA at Scale: How to Choose a Solution That Grows With Your Needs:
Application release automation (ARA) tools enable best practices in...

The Multi-Model Database:
Part of the “new normal” where data and cloud applications are ...



Latest Comments