Users urged to disable Java as criminals exploit flaws to spread malware
Windows, Mac and Linux users are being warned of a dangerous Java flaw that could pose a threat to home PCs.
Security firm Websense confirmed that although the size of the attack is currently small it is likely to become serious very quickly. This is because criminals are using the popular Blackhole kit to use a vulnerability in Java 7, the latest update to Oracle's software, to install a banking Trojan on a PC.
It is believed up to 3 billion PCs may have Java installed but few people update or patch the software and there is currently no fix for this vulnerability.
The company warned it has also intercepted a malicious email campaign posing as anti-virus notifications that warn users that their accounts may be blocked.
These fake messages, which carry the name of big security software companies such as Norton and Sophos, state that the victim's email address has been sending infected email to the mail server, and that the situation may be remedied if the user clicks a on a link to download a free removal tool.
"The free tool is, of course, a malicious executable that connects to malicious websites, and then drops more executables on the victim's computer," warned Websense.
Updating your subscription status