Java Exploit Used In Red October Malware Infections

Java is a mess; Oracle’s software has become a popular target of cybercriminals, and news about Java exploits is becoming more and more common, even as the solutions Oracle provides offer little comfort.

Wait, it gets worse: According to Kaspersky Labs and security company Seculert, the terrifying and massive Red October botnet espionage campaign that swiped sensitive data from governments worldwide used Java exploits to penetrate some systems.

Red October

Specifically, the exploit in question is CVE-2011-3544, which is present in Java 7 and 6 (update 27) and allows “remote untrusted Java Web Start applications and untrusted Java applets to affect confidentiality, integrity, and availability via unknown vectors related to Scripting”.

The hole was patched in 2011, but Red October (aka “Rocra”) started operating as far back as 2007, giving cybercriminals about four years of free rein before Oracle issued a patch.