Cisco Blogs


Cisco Blog > Security

New Java Vulnerability Used in Targeted Attacks

Security researchers discovered a Java vulnerability (documented in IntelliShield alert 26751) that attackers are using to install malicious software on a victim’s systems. No software updates are available that correct the vulnerability (Updates are now available, see Part 2 of the blog).  The attacks are currently limited in nature. There have been few reports of attacks that rely on the vulnerability. Now that Metasploit developed a functional exploit, continued attacks that leverage this vulnerability increase in likelihood as time goes on. US-CERT has issued a related vulnerability note. Administrators can monitor this and other ongoing activity at the Cisco Security Intelligence Operations portal.

It is not yet clear what attackers hope to gain out of the attacks observed in the wild. Goals may differ between individual attacks. Current exploits appear to install a malicious software dropper that may install other malicious software, but to what end is unknown. Attackers may attempt to install malicious software that monitors keyboard input and network communication, hoping to gain user credentials for either external resources to aid in fraudulent activity or to access other internal systems within the targeted site.
Read More »

Tags: , , ,

Resurrecting MPI and Java

January 28, 2012 at 8:21 am PST

Back in the ’90s, there was a huge bubble of activity about Java in academic circles.  It was the new language that was going to take over the world.  An immense amount of research was produced mapping classic computer science issues into Java.

Among the projects produced were several that tried to bring MPI to Java.  That is, they added a set of Java bindings over existing C-based MPI implementations.  However, many in the HPC crowd eschewed Java for compute- or communication-heavy applications because of performance overheads inherent to the Java language and runtime implementations.

Hence, the Java+MPI=HPC efforts didn’t get too much traction.

But even though the computer science Java bubble eventually ended, Java has become quite an important language in the enterprise.  Java run-time environments, compilers, and programming models have steadily improved over the years.  Java is now commonly used for many different types of compute-heavy enterprise applications.

Read More »

Tags: , ,

Downloading, Carts and Java

February 22, 2011 at 4:44 pm PST

More than a year ago, we introduced a feature in the Cisco.com download flow that allows you to download multiple images at once, which are stored in a cart.  This feature was created at the request of customers and partners, some 42% of whom told us they really needed multi-file downloads.  At the time, the cart feature only used Java, which was a challenge for some users. But back in October we introduced a “non-Java” setting for the cart.  Even though this has been active for a few months, I thought I would point it out in case you haven’t noticed it yet.

Here’s how it works.  If you want a simple list – rather than the Java-based Download Manager – just look for the “Non Java Download” option when you get to the download cart screen:

If you select this as your default, you’ll see the following screen instead of the download manager.  No Java needed. This is all customizable by you!

We’re continuing to work on the download flows in order to support a wide range of download scenarios. I know the Cisco.com download team would like to hear from you about specific needs you have around the download experience, and if you leave a (polite, honest and thoughtful) comment here they will read your comments and can follow up with your directly.

P.S. Just so you don’t complain that I’m a complete Java-hater of some kind, here is my coffee cup :-)

Tags: , ,

Java Exploits Another Example of Tomorrow’s Threat Landscape, Today

The last two years seem dominated by PDF vulnerabilities. As far as the specification and its various readers are concerned, there is likely more sour fruit yet to be uncovered; it’s simply too complex and full of dangerous “features.” But a few blogs have recently hinted that there may be a new vector emerging with surprising popularity. Brian Krebs suggests that exploit crimeware packages have begun reporting significant success rates with Java exploits; data collected by the Microsoft Malware Protection Center (MMPC) seems to agree. After taking a look at what Cisco ScanSafe had to share on the topic, it seems clear that the threat landscape appears to be shifting under our noses.

Read More »

Tags: , ,

Exploring a Java Bot: Part 3

January 19, 2010 at 1:18 pm PST

Before we begin part 3 in this series, let’s review what we’ve covered so far. In the first post we learned how this bot was discovered and some basics about botnets. In the second post we covered botnet fundamentals like command and control (C&C) and various other capabilities. In this post we will examine some of the offensive features incorporated into a botnet designed to launch attacks and maintain control of hosts (aka victims). First we will discuss how botnets spread and then we will look at flooding and how it’s implemented in this bot.

There are two main ways malware spreads. It’s important to note that these two methods are not mutually exclusive. The first method, made famous by the Morris worm, involves targeting a network-based vulnerability; the author designs an exploit to spread his malware. Once the malware takes over a machine it then infects other machines. Every time the binary moves from one machine to another the botnet has the potential to see exponential growth. Most vulnerabilities only affect a specific operating system at a specific range of patch levels. Malware of this nature often hits big and then its growth rate takes a steep dive as patches become available and as malware is removed. Once the vulnerability is patched, the malware must adapt or accept a shrinking attack surface. Two recent examples of this method are Conficker and Slammer. It is important to note the distinction between the growth rate slowing down and the number of compromised machines. There are still countless machines connected to the Internet running both worms. Even as the growth rate approaches zero, many, many computers have already been infected and continue to run the malware. In two days time on a single Intrusion Prevention System (IPS) we saw over 178,000 slammer attacks.

An attacker simply needs to trick an unsuspecting user into running a binary that is under the control of the attacker. This attack vector is known as a trojan horse. A malware author would package his wares as a link from a friend, a new game of interest, or even a program to create keys for pirated software, etc.

Read More »

Tags: , , , ,